Running uxconsole -register with the -sso option in PAM SC results in coredump


Article ID: 209746


Updated On:


CA Privileged Identity Management Endpoint (PIM)


When running 

uxconsole -register -d <domain> -v 4 -n -sso

there is a coredump generated, but the registration in AD takes place (there is a machine object created)

The equivalent command without the -sso option does not create a coredump



When running the uxconsole command with the -sso option, UNAB will try to create an /etc/krb5.keytab file, which is the standard location for Kerberos files. If for some reason the /etc/krb5.keytab is corrupted, core will occur inside the Kerberos code that sets the password on the computer object in AD while updating accordingly the keytab file. Kerberos needs to parse its contents in the process, and it tries to report the error by using fprint() which actually causes a coredump to occur. In the log file it is visible because the coredump appears just after some lines stating we are trying to set the password for the computer in AD. This is the reason why the computer AD object is created.


CA ControlMinder seversion v12.81.0.3924 - Display module's version 

uxconsole version

Other versions may also give the same error


Delete /etc/krb5.keytab and rerun uxconsole