Pkcs 11 Library Call Error In Solaris 10 Update 11 In A Non-global Zone (Doc ID 1546486.1)

Last updated on DECEMBER 23, 2016

Applies to:

Solaris SPARC Operating System - Version 10 1/13 U11 and later
Information in this document applies to any platform.

Symptoms

Customer  just installed solaris 10 update 11 sparc on a T5120. On Global zone kerberos works but if he  creates a non-global zone (sparse or whole root) and repeat the steps to  get a kerberos TGT(Ticket Granting Service), although he was  prompted for his password. this is the error he was  seeing:

% /bin/kinit
Password for test1@ABC.COM: <my password here>
kinit(v5): Error in the PKCS 11 library calls while getting initial credentials

this behavior is NOT reproducible under solaris 10 update 11 on the x86 architecture.

steps to reproduce:

Install solaris 10 update 11 sparc, do not install patches,create local account with username that matches user in your KDC
create /etc/krb5/krb5.conf to talk to your local KDC
test /bin/kinit
create non-global zone (both sparse and whole root should exhibit same behavior)
create same local account and krb5.conf as in the global zone
test /bin/kinit in non-global zone

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms