My Oracle Support Banner

Pkcs 11 Library Call Error In Solaris 10 Update 11 In A Non-global Zone (Doc ID 1546486.1)

Last updated on OCTOBER 13, 2019

Applies to:

Solaris Operating System - Version 10 1/13 U11 and later
Information in this document applies to any platform.


Customer  just installed solaris 10 update 11 sparc on a T5120. On Global zone kerberos works but if he  creates a non-global zone (sparse or whole root) and repeat the steps to  get a kerberos TGT(Ticket Granting Service), although he was  prompted for his password. this is the error he was  seeing:

% /bin/kinit
Password for test1@ABC.COM: <my password here>
kinit(v5): Error in the PKCS 11 library calls while getting initial credentials

this behavior is NOT reproducible under solaris 10 update 11 on the x86 architecture.

steps to reproduce:

Install solaris 10 update 11 sparc, do not install patches,create local account with username that matches user in your KDC
create /etc/krb5/krb5.conf to talk to your local KDC
test /bin/kinit
create non-global zone (both sparse and whole root should exhibit same behavior)
create same local account and krb5.conf as in the global zone
test /bin/kinit in non-global zone




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.