Credentials Cache File Problem Running with 'cron'
lxs at MIT.EDU
Fri Dec 5 08:53:16 EST 2008
On Dec 5, 2008, at 7:15 AM, Dennis Putnam wrote:
> I have what I thought was a perl problem using Kerberos
> authentication. However, after many emails with perl experts, the
> consensus is that this is really a problem with the Kerberos library.
> Hopefully, someone on this list will recognize the problem an can
> suggest a solution.
> This particular script runs fine when executed from the command line
> (I'm using OS X 10.4.11). When the same command is run from 'cron' or
> 'at' the following error occurs:
> Credentials cache I/O operation failed XXX
> I am told that this error indicates there was a problem writing the
> credentials cache file. The first thought was that it had to do with
> permissions but the script does the same thing even running as root.
> The second thought was that it had to do with an environment variable
> but again that is not the case since perl runs in its own environment
> so the variables are identical running from command line or 'cron'. At
> that point, the author of the perl interface said that all his code
> does is make standard Kerberos library calls. Since Apple uses the
> standard MIT libraries, the conclusion is that this must be something
> specific to the library rather then perl or the OS. Can anyone help?
By default Kerberos on Mac OS X uses the API credentials cache format
to store credentials. This credentials cache is only available from
user sessions, not from daemon sessions like the one used by cron. I
recommend using the environment variable KRB5CCNAME to specify a FILE
credentials cache format and storing your tickets in that (eg:
KRB5CCNAME=FILE:/tmp/tickets). Using the same FILE ccache from your
perl script should work.
Alexandra Ellwood <lxs at mit.edu>
MIT Information Services & Technology
More information about the Kerberos