I am setting up Sybase Kerberos Server on one or our RedHat Linux servers. I have done this before on previous versions of Sybase with success but this time I am getting an error that have not seen before. I am hoping someone here can help me with this issue.
OS - RedHat ASv5u3 -x86_64
DB - Sybase 15.0.3
I am using a Windows KDC server and have created a server and user principale on the domain controller. I have a keytab extracted and placed on the DB server. The security has been enabled in Sybase and the licenses are correct. I am able to start the server but get an error when it tries to open the Kerberos library specified in /db/OCS-15_0/config/libtcl.cfg file. This linux distribution has both the 32 bit and 64 bit libraries located under /usr/lib/libgssapi_krb5.so and /usr/lib64/libgssapi_krb5.so. I get this error with both of these files. Following is what I see in the log file.
00:00000:00000:2009/08/26 10:30:03.83 kernel kdcl_sess_open: connectivity library supports master/query syntax.
00:00000:00000:2009/08/26 10:30:03.83 kernel Connectivity Library (Security Control Layer) Error: Unable to open security driver.
00:00000:00000:2009/08/26 10:30:03.83 server Could not initialize security mechanism 'csfkrb5'. ASE will not support this security mechanism. Please contact a user with SSO role.
I have looked at the permissions on these files and they seem to be fine
lrwxrwxrwx 1 root root 21 Jun 19 07:08 libgssapi_krb5.so -> libgssapi_krb5.so.2.2
My interfaces file looks like this - the secmech entry is according to the sybase docs.
I know my connection to KDC is fine because I can get a ticket with no issues. When I try to connect to Sybase I see the following error:
[syb15@nc-lnx18 ~/install]$ kinit jvs001
Password for jvs001@SSO.RALDEV.COM:
[syb15@nc-lnx18 ~/install]$ isql -Slnx18syb15krb -V
csd_krbdyn_load: Error loading /usr/lib64/libgssapi_krb5.so: /usr/lib64/libgssap
i_krb5.so: wrong ELF class: ELFCLASS64
ct_con_props(SET): security service layer: internal security control lay
er error: error string not available
Msg 4002, Level 14, State 1:
ct_connect(): protocol specific layer: external error: The attempt to co
nnect to the server failed.
You have probably figured this out by now. I went through tons of docs and manuals and figured out Security and Directory Services packages option is an extra license feature. So I order to enable the security mechanism you must get a trial license or purchase a license for this option from your sales rep.