Results 1 to 2 of 2
  1. #1
    Join Date
    Aug 2009

    Unanswered: Sybase 15.0.3 - Kerberos Setup

    I am setting up Sybase Kerberos Server on one or our RedHat Linux servers. I have done this before on previous versions of Sybase with success but this time I am getting an error that have not seen before. I am hoping someone here can help me with this issue.

    OS - RedHat ASv5u3 -x86_64
    DB - Sybase 15.0.3

    I am using a Windows KDC server and have created a server and user principale on the domain controller. I have a keytab extracted and placed on the DB server. The security has been enabled in Sybase and the licenses are correct. I am able to start the server but get an error when it tries to open the Kerberos library specified in /db/OCS-15_0/config/libtcl.cfg file. This linux distribution has both the 32 bit and 64 bit libraries located under /usr/lib/ and /usr/lib64/ I get this error with both of these files. Following is what I see in the log file.

    00:00000:00000:2009/08/26 10:30:03.83 kernel kdcl_sess_open: connectivity library supports master/query syntax.
    00:00000:00000:2009/08/26 10:30:03.83 kernel Connectivity Library (Security Control Layer) Error: Unable to open security driver.
    00:00000:00000:2009/08/26 10:30:03.83 server Could not initialize security mechanism 'csfkrb5'. ASE will not support this security mechanism. Please contact a user with SSO role.

    I have looked at the permissions on these files and they seem to be fine
    lrwxrwxrwx 1 root root 21 Jun 19 07:08 ->

    My interfaces file looks like this - the secmech entry is according to the sybase docs.

    master tcp ether nc-lnx18 5002
    query tcp ether nc-lnx18 5002

    I know my connection to KDC is fine because I can get a ticket with no issues. When I try to connect to Sybase I see the following error:

    [syb15@nc-lnx18 ~/install]$ kinit jvs001
    Password for jvs001@SSO.RALDEV.COM:
    [syb15@nc-lnx18 ~/install]$ isql -Slnx18syb15krb -V
    csd_krbdyn_load: Error loading /usr/lib64/ /usr/lib64/libgssap wrong ELF class: ELFCLASS64
    CT-LIBRARY error:
    ct_con_props(SET): security service layer: internal security control lay
    er error: error string not available
    Msg 4002, Level 14, State 1:
    Server 'lnx18syb15krb':
    Login failed.
    CT-LIBRARY error:
    ct_connect(): protocol specific layer: external error: The attempt to co
    nnect to the server failed.
    [syb15@nc-lnx18 ~/install]$

    Thanks for the help in advance.


  2. #2
    Join Date
    Oct 2005
    You have probably figured this out by now. I went through tons of docs and manuals and figured out Security and Directory Services packages option is an extra license feature. So I order to enable the security mechanism you must get a trial license or purchase a license for this option from your sales rep.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts