Skip Ribbon Commands
Skip to main content
Navigate Up
Sign In

Quick Launch

Average Rating:

facebook Twitter
Email
Print Bookmark Alert me when this article is updated

Feedback

ERROR: "kinit: Cannot find KDC for realm <REALM> while getting initial credentials" when kinit to generate credential cache fails
Problem Description
Unable to execute kinit on Informatica node, kinit to generate credential cache fails with the following error:
[root@host]# kinit
kinit: Cannot find KDC for realm <REALM> while getting initial credentials
Cause
​This issue happens when there is kerberos configuration file found but <REALM> displayed is not configured in the kerberos configuration file.
Solution
​By default, on UNIX, /etc/krb5.conf is the kerberos configuration file that is picked.

Informatica configuration file might have been updated at: <INFA_HOME>/services/shared/security/krb5.conf

So, to ensure Informatica's krb5.conf is picked, set KRB5_CONFIG environment variable:

export KRB5_CONFIG=<INFA_HOME>/services/shared/security/krb5.conf
Or,
setenv KRB5_CONFIG <INFA_HOME>/services/shared/security/krb5.conf

Or, alternatively, backup system defaults krb5.conf (cp /etc/krb5.conf  /etc/krb5.conf_system), and rename the system defaults krb5.conf file:

mv <INFA_HOME>/services/shared/security/krb5.conf    /etc/krb5.conf

For this alternative approach, ensure that there are no other applications/users using the system's krb5.conf, and/or check with the system admin.

Recommended way is to set the KRB5_CONFIG file.
More Information
​Contents of rightly configured krb5.conf file with realm name, as an example:

[root@HOST]# cat $INFA_HOME/services/shared/security/krb5.conf
[libdefaults]
#specifies the default realm that needs to be picked up for authentication
default_realm = INFA.COM
dns_lookup_realm = true
dns_lookup_kdc = true

#this is a mandatory flag as we need to obtain forwardable tickets from the KDC
forward = true
forwardable = true

[realms]
#Realm configuration with different possible way to be resolved
INFA.COM = {
admin_server = WINDOWSHOST.INFA.COM
kdc = ​WINDOWSHOST.INFA.COM
}

[domain_realm]
infa.com = INFA.COM
.infa.com = INFA.COM
Applies To
Product: PowerCenter; Data Quality
Problem Type: Configuration
User Type: Administrator
Project Phase: Configure
Product Version: Informatica 10.x
Database:
Operating System:
Other Software:

Reference
Attachments
Last Modified Date:6/2/2020 3:37 AMID:608487
People who viewed this also viewed

Feedback

Did this KB document help you?



What can we do to improve this information (2000 or fewer characters)