'Kerberos ticket "Expired"; Finding old, not new ticket
I'm trying to get Kerberos connecting to a MS SQL database on my Mac (Big Sur). I've been following instructions here. My Kerberos authenticated connections used to work. They stopped working when I tried them recently. This might be due to upgrading the OS.
Per the instructions, I have an /etc/krb5.conf
file that looks something like this:
[libdefaults]
default_realm = DOMAIN.COMPANY.COM
[realms]
DOMAIN.COMPANY.COM = {
kdc = dc-33.domain.company.com
}
When I go to my terminal and run kinit [email protected]
it prompts me for my password. After successfully entering my password, I immediately run the klist
command, as recommended, and I'm getting something like this:
Credentials cache: API:1234A5B6-7C8D-9EF0-B1F9-ED757F2418F4
Principal: [email protected]
Issued Expires Principal
Apr 5 09:02:23 2022 >>>Expired<<< krbtgt/[email protected]
This looks like an old ticket/credential (I'm writing this April 8th) somewhere on my machine. The old ticket is "Expired". Why isn't the klist command retrieving the recent kinit
credential? What would cause this? How can I fix it?
Things I've tried
Naively, in the beginning of all of my Kerberos connectivity issues and before getting this error, I thought I needed to update/upgrade Kerberos. So I installed Kerberos with brew install krb5
. Unfortunately, I think this just confused the OS because Kerberos was then installed in 2 locations.
I saw that the operating system might need to "know" where to find Kerberos files if it gets confused (see above bullet point). So, I added the following lines to my .zshrc
file.
export PATH=/usr/local/opt/krb5/bin:$PATH
export PATH=/usr/local/opt/krb5/sbin:$PATH
export LDFLAGS="-L/usr/local/opt/krb5/lib $LDFLAGS"
export CPPFLAGS="-I/usr/local/opt/krb5/include $CPPFLAGS"
These lines helped while I still had the Homebrew version of Kerberos installed, but I have since run brew uninstall krb5
and now they don't help (see next paragraph).
I did a search in my terminal for the krb5
folder using this command sudo find / -name "krb5"
. When I searched through the long list of results, I found several krb5
folders, but none of them had bin
, sbin
, lib
or include
directories in them. So, it seems that during the brew uninstall krb5
command those files were removed from my system as well as the files in /usr/local/Cellar
.
I haven't tried installing the "Prerequisites" on the instruction page yet, because my Kerberos used to work already in the past. So, I'm assuming that the prerequisites should already be in place, unless they changed during my OS update. I was hesitant to try that because of the issues the brew install
attempt created.
Conclusion
It's obvious the Kerberos is still installed somewhere on my machine because it will prompt me to enter my password after kinit
and knows if the password entered is valid or not. The credentials are "Expired" immediately after being created. How can I fix this?
Solution 1:[1]
install
ing and uninstall
ing kerberos appears to have messed with some of your OS settings. This, combined with a recent OS update probably requires a restart, if you haven't already done so.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Jed |