When trying to refresh a user's global policy, the following error is seen:
# vgptool apply -u testuser
ERROR: Cannot get user security context
Caused By: Unable to find user file ccache
However, the user is logged in and has a valid ccache:
/opt/quest/bin/vastool klist
Credentials cache: API:1445022896
Principal: testuser@EXAMPLE.COM

Issued           Expires          Principal
Oct 29 08:46:16  Oct 29 18:46:16  krbtgt/EXAMPLE.COM@EXAMPLE.COM
By default, Mac OS does not use a cache file to store Kerberos credentials. The credential cache is stored in memory, as indicated by the "API:1445022896" entry in the klist output. This credential cache is not accessible to other users, even root. Because an admin user needs access to other users' credentials in order to force a policy update with vgptool, the vgptool command fails.
To make the credential cache accessible to admin users, the cache location needs to be changed to a file. This can be done with the following command:
/opt/quest/bin/vastool configure vas libdefaults default_cc_name 'FILE:/tmp/krb5cc_${uid}'
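Once the cache lives in a file under /tmp, its ownership and mode are what keep other local users away from the tickets. The check below is an added example, not part of the original article or of the Quest tools; the function names check_ccache and ccache_path_for_uid are hypothetical, and it assumes the cache path produced by the default_cc_name value shown above.

```shell
#!/bin/sh
# Added example (not vendor code): audit a FILE: Kerberos credential cache.
# Prints a one-word verdict; returns 0 only when the verdict is "ok".
# Usage: check_ccache PATH EXPECTED_UID
check_ccache() {
    path=$1
    want_uid=$2

    # Reject symlinks first: in a world-writable directory such as /tmp a
    # link can redirect ticket writes to another file.
    if [ -L "$path" ]; then echo symlink; return 1; fi
    if [ ! -e "$path" ]; then echo missing; return 1; fi
    if [ ! -f "$path" ]; then echo not-regular; return 1; fi

    # ls -ldn is portable across macOS and Linux; keep only the first 10
    # characters of the mode so ACL/xattr suffixes ("+", "@", ".") are ignored.
    listing=$(ls -ldn -- "$path") || { echo missing; return 1; }
    perms=$(printf '%s\n' "$listing" | awk '{print substr($1, 1, 10)}')
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')

    if [ "$owner" != "$want_uid" ]; then echo wrong-owner; return 1; fi
    # Tickets are bearer credentials: only the owner may read or write them.
    if [ "$perms" != "-rw-------" ]; then echo bad-mode; return 1; fi
    echo ok
}

# Path that the page's default_cc_name value yields for a numeric uid.
ccache_path_for_uid() {
    printf '/tmp/krb5cc_%s\n' "$1"
}
```

To audit one account, pass its numeric uid to both functions, for example check_ccache "$(ccache_path_for_uid 501)" 501, where 501 is a constructed sample uid.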