Credentials cache server unavailable - Kerberos

This is a discussion on Credentials cache server unavailable - Kerberos ; I have a daemon which I am trying to port to Mac OS X. It uses the GSS Api with Kerberos to do authentication. I have it booting as part of the SystemStarter scripts at boot time... but when it ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Credentials cache server unavailable

  1. Credentials cache server unavailable

    I have a daemon which I am trying to port to Mac OS X. It uses the
    GSS Api with Kerberos to do authentication. I have it booting as
    part of the SystemStarter scripts at boot time... but when it does,
    and as part of this, it calls kinit (using a keytab) to set up the
    initial principals. However, I get this error message:

    kinit: Error getting initial tickets: Credentials cache server
    unavailable

    Anyone know how I can fix this?

    The script works fine if I run it after the machine is booted up and
    in a terminal.
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Credentials cache server unavailable

    The Macintosh uses a credential cache server to hold the ticket cache.
    There is no such server running for background services. You would need to
    write your own code to get credentials from the keytab
    (krb5_get_init_creds_keytab) and hold them in an in-memory cache. You then
    need to point gss to your in-memory cache using gss_krb5_ccache_name.

    Paul Nelson
    Thursby Software Systems, Inc.


    in article 557DA7D2-A7E9-4BD2-A2CF-D52EB56EA89B@sensis.com, Jiva DeVoe at
    jiva.devoe@sensis.com wrote on 11/10/06 10:30 AM:

    > I have a daemon which I am trying to port to Mac OS X. It uses the
    > GSS Api with Kerberos to do authentication. I have it booting as
    > part of the SystemStarter scripts at boot time... but when it does,
    > and as part of this, it calls kinit (using a keytab) to set up the
    > initial principals. However, I get this error message:
    >
    > kinit: Error getting initial tickets: Credentials cache server
    > unavailable
    >
    > Anyone know how I can fix this?
    >
    > The script works fine if I run it after the machine is booted up and
    > in a terminal.
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >



  3. Re: Credentials cache server unavailable

    Paul Nelson writes:

    > The Macintosh uses a credential cache server to hold the ticket cache.
    > There is no such server running for background services. You would need
    > to write your own code to get credentials from the keytab
    > (krb5_get_init_creds_keytab) and hold them in an in-memory cache. You
    > then need to point gss to your in-memory cache using
    > gss_krb5_ccache_name.


    Or, much more trivially, you should be able to set KRB5CCNAME before
    running kinit to FILE:/path/to/ticket/cache to tell it to use a file-based
    cache, and then set KRB5CCNAME to the same value when running your
    application.

    --
    Russ Allbery (rra@stanford.edu)

+ Reply to Thread