我正在尝试让Kerberos连接到Mac(Big Sur)上的MS SQL数据库。我一直在按照说明在这里。我的Kerberos经过验证的连接用于工作。最近我尝试时,他们停止工作。此可能是由于升级OS。
根据说明,我有一个 /etc/krb5.conf 文件,看起来像这样:
[libdefaults]
default_realm = DOMAIN.COMPANY.COM
[realms]
DOMAIN.COMPANY.COM = {
kdc = dc-33.domain.company.com
}
当我去终端并运行 kinit > [email  procected] ITS POSSICS SODACTS ME packations me pactosions my packates。成功输入密码后,我立即按照建议运行 klist 命令,并且我得到了这样的东西:
Credentials cache: API:1234A5B6-7C8D-9EF0-B1F9-ED757F2418F4
Principal: [email protected]
Issued Expires Principal
Apr 5 09:02:23 2022 >>>Expired<<< krbtgt/[email protected]
这看起来像旧的票/凭据(我是在4月8日写的)在我的机器上。旧票已过期。为什么KLIST命令不检索最新的 kinit 凭据?什么会导致这个?我该如何修复?
我都尝试过一些事情
在所有Kerberos连接问题的开头,在遇到此错误之前, ,我认为我需要更新/升级Kerberos。因此,我使用 brew install krb5 安装了kerberos。不幸的是,我认为这只是混淆了操作系统,因为然后将Kerberos安装在两个位置。
我看到操作系统可能需要“知道”在哪里找到Kerberos文件(请参见上面的Bullet Point)。因此,我将以下行添加到我的 .zshrc 文件中。
export PATH=/usr/local/opt/krb5/bin:$PATH
export PATH=/usr/local/opt/krb5/sbin:$PATH
export LDFLAGS="-L/usr/local/opt/krb5/lib $LDFLAGS"
export CPPFLAGS="-I/usr/local/opt/krb5/include $CPPFLAGS"
当我仍然安装了Hommbrew版本的Kerberos时,这些线路有所帮助,但是从那以后,我一直在运行 Brew卸载Krb5 ,现在它们无济于事(请参阅下一段)。
我在终端搜索了 krb5 文件夹,使用此命令 sudo find/-name“ krb5” 。当我搜索长的结果列表时,我找到了几个 krb5 文件夹,但是它们都没有 bin , sbin , lib 或在其中包含目录。因此,看来在 brew卸载期间,krb5 命令命令从我的系统中删除这些文件以及/usr/usr/local/cellar 中的文件。
我没有尝试在指令页但是,因为我的kerberos过去已经工作了。因此,我假设先决条件应该已经到位,除非它们在我的操作系统更新过程中进行了更改。由于问题 brew install 创建的尝试,我很犹豫要尝试。
结论
很明显,kerberos仍在我的计算机上安装,因为它会提示我在 kinit 之后输入密码,并且知道输入的密码是否有效。创建后,凭据立即“过期”。我该如何解决?
I'm trying to get Kerberos connecting to a MS SQL database on my Mac (Big Sur). I've been following instructions here. My Kerberos authenticated connections used to work. They stopped working when I tried them recently. This might be due to upgrading the OS.
Per the instructions, I have an /etc/krb5.conf file that looks something like this:
[libdefaults]
default_realm = DOMAIN.COMPANY.COM
[realms]
DOMAIN.COMPANY.COM = {
kdc = dc-33.domain.company.com
}
When I go to my terminal and run kinit [email protected] it prompts me for my password. After successfully entering my password, I immediately run the klist command, as recommended, and I'm getting something like this:
Credentials cache: API:1234A5B6-7C8D-9EF0-B1F9-ED757F2418F4
Principal: [email protected]
Issued Expires Principal
Apr 5 09:02:23 2022 >>>Expired<<< krbtgt/[email protected]
This looks like an old ticket/credential (I'm writing this April 8th) somewhere on my machine. The old ticket is "Expired". Why isn't the klist command retrieving the recent kinit credential? What would cause this? How can I fix it?
Things I've tried
Naively, in the beginning of all of my Kerberos connectivity issues and before getting this error, I thought I needed to update/upgrade Kerberos. So I installed Kerberos with brew install krb5. Unfortunately, I think this just confused the OS because Kerberos was then installed in 2 locations.
I saw that the operating system might need to "know" where to find Kerberos files if it gets confused (see above bullet point). So, I added the following lines to my .zshrc file.
export PATH=/usr/local/opt/krb5/bin:$PATH
export PATH=/usr/local/opt/krb5/sbin:$PATH
export LDFLAGS="-L/usr/local/opt/krb5/lib $LDFLAGS"
export CPPFLAGS="-I/usr/local/opt/krb5/include $CPPFLAGS"
These lines helped while I still had the Homebrew version of Kerberos installed, but I have since run brew uninstall krb5 and now they don't help (see next paragraph).
I did a search in my terminal for the krb5 folder using this command sudo find / -name "krb5". When I searched through the long list of results, I found several krb5 folders, but none of them had bin, sbin, lib or include directories in them. So, it seems that during the brew uninstall krb5 command those files were removed from my system as well as the files in /usr/local/Cellar.
I haven't tried installing the "Prerequisites" on the instruction page yet, because my Kerberos used to work already in the past. So, I'm assuming that the prerequisites should already be in place, unless they changed during my OS update. I was hesitant to try that because of the issues the brew install attempt created.
Conclusion
It's obvious the Kerberos is still installed somewhere on my machine because it will prompt me to enter my password after kinit and knows if the password entered is valid or not. The credentials are "Expired" immediately after being created. How can I fix this?
发布评论
评论(1)
安装in 卸载 ing kerberos似乎已经处理了一些操作系统设置。如果您还没有这样做,则与最近的操作系统更新结合使用,可能需要重新启动。installing anduninstalling kerberos appears to have messed with some of your OS settings. This, combined with a recent OS update probably requires a restart, if you haven't already done so.