KB-7243: AD user cannot run 'adinfo' command, getting krb5cache error

Centrify DirectControl

22 July,16 at 07:25 PM

Applies to: 

Centrify DirectControl, all versions


When an AD user runs the Centrify command 'adinfo', it hangs. The Centrify debug log shows the following errors:

auth|security:debug adinfo[17104936]: DEBUG base.kerberos.krb5cache Error while to resolving ccache for user, try to get next ccache. 
auth|security:debug adinfo[17104936]: DEBUG util.except (NotFound) : /var/krb5/security/creds: No such directory (reference util/include/path.h:238 rc: 0) 

If the AD user tries to destroy and reinitialize his/her Kerberos credentials, the following errors are displayed:

$ /usr/share/centrifydc/kerberos/bin/kdestroy
kdestroy: Credentials cache permissions incorrect while destroying cache
Ticket cache NOT destroyed
$ /usr/share/centrifydc/kerberos/bin/kinit
kinit(v5): Configuration file does not specify default ream when parsing name <Adusername>
$ /usr/share/centrifydc/kerberos/bin/klist
klist: Credentials cache permissions incorrect while setting cache flags (ticket cache FILE:/var/krb5/security/creds/krb5cc_#####)


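An administrator may have modified the permissions on the /var/krb5 directory. By default the permissions should be set to '755'. Without search permission on /var/krb5, non-root users cannot reach the credential caches under /var/krb5/security/creds.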


As root, verify the permissions on /var/krb5 and correct them if necessary. The directory listing should look like the following example:

drwxr-xr-x   3 root      system       256 Oct 22 2013      krb5

# chmod 755 /var/krb5
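
The check above can be scripted. The following is an added example, not part of the original article or of Centrify's tooling: it walks the directories on the credential cache path from the errors above and reports the first one that ordinary users cannot search. The function names, the intermediate /var/krb5/security check and the optional prefix argument (for checking a copy of the tree) are assumptions.

```shell
#!/bin/sh
# Added example (not Centrify code). Run as root so the check itself is
# not affected by the permissions being inspected.

# Return 0 if users other than owner/group may search (traverse) directory $1.
# The 10th character of the ls mode string is the "other" execute bit;
# a sticky directory shows 't' there instead of 'x'.
other_can_search() {
    mode=$(ls -ld "$1" 2>/dev/null | awk '{print $1}')
    case $mode in
        d????????[xt]*) return 0 ;;
        *) return 1 ;;
    esac
}

# first_blocked_dir [PREFIX]
# Checks each directory on the ccache path in order and prints one of:
#   ok              every directory exists and is searchable by other users
#   missing:<path>  the directory does not exist
#   blocked:<path>  the directory lacks the "other" search bit
# PREFIX is an assumed convenience for testing against a copy of the tree.
first_blocked_dir() {
    prefix=${1:-}
    for dir in /var/krb5 /var/krb5/security /var/krb5/security/creds; do
        path=$prefix$dir
        if [ ! -d "$path" ]; then
            echo "missing:$path"
            return 1
        fi
        if ! other_can_search "$path"; then
            echo "blocked:$path"
            return 1
        fi
    done
    echo "ok"
    return 0
}

# Usage (as root): first_blocked_dir
```

A result of blocked:/var/krb5 corresponds to the condition described in this article and is corrected with the chmod command shown above.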

