How do you change the temp directory for the storing Kerberos tickets?
I am seeing the below error messages:
error: { [-] message: Unspecified GSS failure. Minor code may provide more information: No credentials cache found (filename: /tmp/krb5cc_176874) stack: Error: Unspecified GSS failure. Minor code may provide more information: No credentials cache found (filename: /tmp/krb5cc_176874) } level: error message: Authentication process failed
It seems the Kerberos tickets are being removed from the /tmp directory. How do I change that?
Best Answer
-
When using Kerberos Authentication with Cribl the Kerberos tickets are stored in /tmp, these kerberos tickets are then removed by systemd-tmpfiles-clean.service. In order to have the Kerberos tickets stored in an alternative location other than /tmp there are two methods that can be followed.
1) Using the directory option in default_ccache_name /etc/krb5.conf:cribl@:/opt/cribl/bin$ ./cribl stop
Or via systemd:
cribl@:/opt/cribl/bin$ systemctl stop cribl
Update the default_ccache_name /etc/krb5.conf with the following entry under the [libdefaults] stanza:
default_ccache_name = DIR:/opt/splunk/cribl_state/
cribl@:/opt/cribl/bin$ grep default_ccache_name /etc/krb5.conf
default_ccache_name = DIR:/opt/splunk/cribl_state/ # under [libdefaults]cribl@:/opt/cribl/bin$ mkdir /opt/splunk/cribl_state/
cribl@:/opt/cribl/bin$ chown -R cribl:cribl /opt/splunk/cribl_state/Restart Cribl:
cribl@:/opt/cribl/bin$ ./cribl start
Or via systemd:
cribl@:/opt/cribl/bin$ systemctl start criblcribl@:/opt/cribl/bin$ ls -la /opt/splunk/cribl_state/
total 16
drwxr-xr-x 2 cribl cribl 4096 Jul 17 22:16 .
drwxr-xr-x 3 cribl cribl 4096 Jul 17 21:54..
-rw------- 1 cribl cribl 4 Jul 17 22:16 primary
-rw------- 1 cribl cribl 1383 Jul 17 22:16 tkt
2) Using the file option in default_ccache_name /etc/krb5.conf:cribl@:/opt/cribl/bin$ ./cribl stop
Or via systemd:
cribl@:/opt/cribl/bin$ systemctl stop cribl
Update the default_ccache_name /etc/krb5.conf with the following entry under the [libdefaults] stanza:
default_ccache_name = FILE:/opt/splunk/cribl_state/my_krb_cachecribl@:/opt/cribl/bin$ grep default_ccache_name /etc/krb5.conf
default_ccache_name = FILE:/opt/splunk/cribl_state/my_krb_cachecribl@:/opt/cribl/bin$ touch /opt/splunk/cribl_state/my_krb_cache
cribl@:/opt/cribl/bin$ chown cribl:cribl /opt/splunk/cribl_state/my_krb_cache
Restart Cribl:
cribl@:/opt/cribl/bin$ ./cribl start
Or via systemd:
cribl@:/opt/cribl/bin$ systemctl start cribl
cribl@:/opt/cribl/bin$ ls -la /opt/splunk/cribl_state/
total 12
drwxr-xr-x 2 cribl cribl 4096 Jul 17 22:22 .
drwxr-xr-x 3 cribl cribl 4096 Jul 17 21:54 ..
-rw------- 1 cribl cribl 1383 Jul 17 22:22 my_krb_cache1
Answers
-
When using Kerberos Authentication with Cribl the Kerberos tickets are stored in /tmp, these kerberos tickets are then removed by systemd-tmpfiles-clean.service. In order to have the Kerberos tickets stored in an alternative location other than /tmp there are two methods that can be followed.
1) Using the directory option in default_ccache_name /etc/krb5.conf:cribl@:/opt/cribl/bin$ ./cribl stop
Or via systemd:
cribl@:/opt/cribl/bin$ systemctl stop cribl
Update the default_ccache_name /etc/krb5.conf with the following entry under the [libdefaults] stanza:
default_ccache_name = DIR:/opt/splunk/cribl_state/
cribl@:/opt/cribl/bin$ grep default_ccache_name /etc/krb5.conf
default_ccache_name = DIR:/opt/splunk/cribl_state/ # under [libdefaults]cribl@:/opt/cribl/bin$ mkdir /opt/splunk/cribl_state/
cribl@:/opt/cribl/bin$ chown -R cribl:cribl /opt/splunk/cribl_state/Restart Cribl:
cribl@:/opt/cribl/bin$ ./cribl start
Or via systemd:
cribl@:/opt/cribl/bin$ systemctl start criblcribl@:/opt/cribl/bin$ ls -la /opt/splunk/cribl_state/
total 16
drwxr-xr-x 2 cribl cribl 4096 Jul 17 22:16 .
drwxr-xr-x 3 cribl cribl 4096 Jul 17 21:54..
-rw------- 1 cribl cribl 4 Jul 17 22:16 primary
-rw------- 1 cribl cribl 1383 Jul 17 22:16 tkt
2) Using the file option in default_ccache_name /etc/krb5.conf:cribl@:/opt/cribl/bin$ ./cribl stop
Or via systemd:
cribl@:/opt/cribl/bin$ systemctl stop cribl
Update the default_ccache_name /etc/krb5.conf with the following entry under the [libdefaults] stanza:
default_ccache_name = FILE:/opt/splunk/cribl_state/my_krb_cachecribl@:/opt/cribl/bin$ grep default_ccache_name /etc/krb5.conf
default_ccache_name = FILE:/opt/splunk/cribl_state/my_krb_cachecribl@:/opt/cribl/bin$ touch /opt/splunk/cribl_state/my_krb_cache
cribl@:/opt/cribl/bin$ chown cribl:cribl /opt/splunk/cribl_state/my_krb_cache
Restart Cribl:
cribl@:/opt/cribl/bin$ ./cribl start
Or via systemd:
cribl@:/opt/cribl/bin$ systemctl start cribl
cribl@:/opt/cribl/bin$ ls -la /opt/splunk/cribl_state/
total 12
drwxr-xr-x 2 cribl cribl 4096 Jul 17 22:22 .
drwxr-xr-x 3 cribl cribl 4096 Jul 17 21:54 ..
-rw------- 1 cribl cribl 1383 Jul 17 22:22 my_krb_cache1