Requesting Kerberos TGT errors with okinit: Improper format of configuration file in 12.1.0.2

(Doc ID 2311595.1)

Last updated on OCTOBER 03, 2017

Applies to:

Advanced Networking Option - Version 11.2.0.4 and later
Information in this document applies to any platform.

Symptoms

 Requesting a kerberos TGT for a user fails with following error

 

[XXXX07543]/refresh/home> okinit -e 23 scott

Kerberos Utilities for Linux: Version 12.1.0.2.0 - Production on 21-SEP-2017 14:24:06

Copyright (c) 1996, 2014 Oracle. All rights reserved.

Password for scott@XXXX.SAMPLE.COM:
okinit: Improper format of configuration file

 In this case kerberos authentication is configured for a user with Active Directory 2012 server and DB version is 12.1.0.2

 

The actual KRB5.CONF looks like below. Note that there are not white space around this file which in other way we require to be in a format as defined in the documentation

 

Krb.conf file actually defined

##################

[root@XXXkerberos]# more krb5.conf
[libdefaults]
default_realm=XXXX.SAMPLE.COM
[realms]
XXXX.SAMPLE.COM= { kdc=XXXX.us.oracle.com:88 }
[domain_realm]
.XX.YYYY.com = XXXX.SAMPLE.COM
XX.YYYY.com = XXXX.SAMPLE.COM

 

The OKINIT trace clear state that format of krb5.conf file is improper

 

### okinit trace shows the following ##

nauk5lx_get_krbhst: Returning 70: Improper format of configuration file
.
nauk5lx_get_krbhst: exit
snauk5l_sendto_kdc: Call to snauk5j_locate_kdc failed.
snauk5l_sendto_kdc: Returning 70: Improper format of configuration file

Changes

 The setup for Kerberos authentication is under initial stage of configuration

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms