Credentials Cache File Problem Running with 'cron'

Alexandra Ellwood lxs at MIT.EDU
Fri Dec 5 08:53:16 EST 2008


On Dec 5, 2008, at 7:15 AM, Dennis Putnam wrote:

> I have what I thought was a perl problem using Kerberos
> authentication. However, after many emails with perl experts, the
> consensus is that this is really a problem with the Kerberos library.
> Hopefully, someone on this list will recognize the problem an can
> suggest a solution.
>
> This particular script runs fine when executed from the command line
> (I'm using OS X 10.4.11). When the same command is run from 'cron' or
> 'at' the following error occurs:
>
> Credentials cache I/O operation failed XXX
>
> I am told that this error indicates there was a problem writing the
> credentials cache file. The first thought was that it had to do with
> permissions but the script does the same thing even running as root.
> The second thought was that it had to do with an environment variable
> but again that is not the case since perl runs in its own environment
> so the variables are identical running from command line or 'cron'. At
> that point, the author of the perl interface said that all his code
> does is make standard Kerberos library calls. Since Apple uses the
> standard MIT libraries, the conclusion is that this must be something
> specific to the library rather then perl or the OS. Can anyone help?
> TIA.


By default Kerberos on Mac OS X uses the API credentials cache format  
to store credentials.  This credentials cache is only available from  
user sessions, not from daemon sessions like the one used by cron.  I  
recommend using the environment variable KRB5CCNAME to specify a FILE  
credentials cache format and storing your tickets in that (eg:  
KRB5CCNAME=FILE:/tmp/tickets).  Using the same FILE ccache from your  
perl script should work.


--lxs

Alexandra Ellwood <lxs at mit.edu>
MIT Information Services & Technology
<http://mit.edu/lxs/www>







More information about the Kerberos mailing list