[30504] in Kerberos
Re: Credentials Cache File Problem Running with 'cron'
daemon@ATHENA.MIT.EDU (Alexandra Ellwood)
Fri Dec 5 08:57:22 2008
From: Alexandra Ellwood <lxs@mit.edu>
To: Dennis Putnam <Dennis.Putnam@aimaudit.com>
In-Reply-To: <4E27DD07-683D-499E-B948-D89DB58BDA40@aimaudit.com>
Message-Id: <37372AFF-0D5A-40F0-992D-028EEB0E2AFC@mit.edu>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Fri, 5 Dec 2008 08:53:16 -0500
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Dec 5, 2008, at 7:15 AM, Dennis Putnam wrote:
> I have what I thought was a perl problem using Kerberos
> authentication. However, after many emails with perl experts, the
> consensus is that this is really a problem with the Kerberos library.
> Hopefully, someone on this list will recognize the problem an can
> suggest a solution.
>
> This particular script runs fine when executed from the command line
> (I'm using OS X 10.4.11). When the same command is run from 'cron' or
> 'at' the following error occurs:
>
> Credentials cache I/O operation failed XXX
>
> I am told that this error indicates there was a problem writing the
> credentials cache file. The first thought was that it had to do with
> permissions but the script does the same thing even running as root.
> The second thought was that it had to do with an environment variable
> but again that is not the case since perl runs in its own environment
> so the variables are identical running from command line or 'cron'. At
> that point, the author of the perl interface said that all his code
> does is make standard Kerberos library calls. Since Apple uses the
> standard MIT libraries, the conclusion is that this must be something
> specific to the library rather then perl or the OS. Can anyone help?
> TIA.
By default Kerberos on Mac OS X uses the API credentials cache format
to store credentials. This credentials cache is only available from
user sessions, not from daemon sessions like the one used by cron. I
recommend using the environment variable KRB5CCNAME to specify a FILE
credentials cache format and storing your tickets in that (eg:
KRB5CCNAME=FILE:/tmp/tickets). Using the same FILE ccache from your
perl script should work.
--lxs
Alexandra Ellwood <lxs@mit.edu>
MIT Information Services & Technology
<http://mit.edu/lxs/www>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
