Kerberos Authentication setup: error in libkrb5.so.3 library
Article ID: 95644
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
When we try to validate keytab files using kinit, we get the following
error:
kinit: relocation error: kinit: symbol
krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not
defined in file libkrb5.so.3 with link time reference
Please note that kinit is linked to SSO’s libs, due to the
LD_LIBRARY_PATH configuration for smuser
$ ldd $(which kinit)
linux-vdso.so.1 => (0x00007ffe6adbb000)
libkadm5srv_mit.so.11 => /lib64/libkadm5srv_mit.so.11 (0x00007fa8d6391000)
libkdb5.so.8 => /lib64/libkdb5.so.8 (0x00007fa8d617d000)
libgssrpc.so.4 => /lib64/libgssrpc.so.4 (0x00007fa8d5f5d000)
libgssapi_krb5.so.2 => /opt/CA/siteminder/lib/libgssapi_krb5.so.2 (0x00007fa8d5d04000)
libkrb5.so.3 => /opt/CA/siteminder/lib/libkrb5.so.3 (0x00007fa8d5a10000)
libk5crypto.so.3 => /opt/CA/siteminder/lib/libk5crypto.so.3 (0x00007fa8d57cc000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fa8d55c8000)
libkrb5support.so.0 => /opt/CA/siteminder/lib/libkrb5support.so.0 (0x00007fa8d53ba000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fa8d51b6000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fa8d4f9d000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fa8d4d75000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fa8d4b71000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa8d47a4000)
libcom_err.so.3 => /opt/CA/siteminder/lib/libcom_err.so.3 (0x00007fa8d45a0000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa8d4384000)
/lib64/ld-linux-x86-64.so.2 (0x00005608ca893000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fa8d4121000)
To solve this error, the only workaround found is to override
LD_LIBRARY_PATH in order to use system libraries
$ export LD_LIBRARY_PATH=/lib64:${LD_LIBRARY_PATH}
Is that correct?
error:
kinit: relocation error: kinit: symbol
krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not
defined in file libkrb5.so.3 with link time reference
Please note that kinit is linked to SSO’s libs, due to the
LD_LIBRARY_PATH configuration for smuser
$ ldd $(which kinit)
linux-vdso.so.1 => (0x00007ffe6adbb000)
libkadm5srv_mit.so.11 => /lib64/libkadm5srv_mit.so.11 (0x00007fa8d6391000)
libkdb5.so.8 => /lib64/libkdb5.so.8 (0x00007fa8d617d000)
libgssrpc.so.4 => /lib64/libgssrpc.so.4 (0x00007fa8d5f5d000)
libgssapi_krb5.so.2 => /opt/CA/siteminder/lib/libgssapi_krb5.so.2 (0x00007fa8d5d04000)
libkrb5.so.3 => /opt/CA/siteminder/lib/libkrb5.so.3 (0x00007fa8d5a10000)
libk5crypto.so.3 => /opt/CA/siteminder/lib/libk5crypto.so.3 (0x00007fa8d57cc000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fa8d55c8000)
libkrb5support.so.0 => /opt/CA/siteminder/lib/libkrb5support.so.0 (0x00007fa8d53ba000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fa8d51b6000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fa8d4f9d000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fa8d4d75000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fa8d4b71000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa8d47a4000)
libcom_err.so.3 => /opt/CA/siteminder/lib/libcom_err.so.3 (0x00007fa8d45a0000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa8d4384000)
/lib64/ld-linux-x86-64.so.2 (0x00005608ca893000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fa8d4121000)
To solve this error, the only workaround found is to override
LD_LIBRARY_PATH in order to use system libraries
$ export LD_LIBRARY_PATH=/lib64:${LD_LIBRARY_PATH}
Is that correct?
Environment
Web Agent 12.52SP1CR06 on Apache 2.4 on RedHat 7
Resolution
You can modify the LD_LIBRARY_PATH to get the system lib in /lib64
loaded before Siteminder internal libraries"
LD_LIBRARY_PATH is set in ca_ps_env.ksh for siteminder
dependencies. Since Policy Server 12.7 is 64 bit, references in
LD_LIBRARY_PATH should point to 64bit libraries, jvm included
loaded before Siteminder internal libraries"
LD_LIBRARY_PATH is set in ca_ps_env.ksh for siteminder
dependencies. Since Policy Server 12.7 is 64 bit, references in
LD_LIBRARY_PATH should point to 64bit libraries, jvm included
Feedback
Yes
No
Powered by
