No credentials cache file found while validating credentials
For open source End State 2 on Solaris, the permissions on the credentials cache acquired for the LDAP proxy users (/var/tmp/proxycreds) must be readable by all users and writable by owner (644).
If the permissions are too restricted (for instance, 640), attempts to log on using ssh may fail.
Because mapping does not become an issue until the client computer tries to access a service, domain to REALM mapping problems do not affect initial ticket requests (TGTs).
When mapping problems exist, service ticket requests may fail or access to Kerberized services may fail.
Common PAM configuration issues include: See the operating system man pages for more information.
Kerberos Troubleshooting Tips LDAP Troubleshooting Tips This section will help you troubleshoot Kerberos authentication problems in a heterogeneous UNIX and Microsoft® Windows® operating system environment.
A good place to start is with the following white paper, “Troubleshooting Kerberos Errors,” which provides background and Microsoft-specific guidance and is available at
On an application server, this key is stored in a key table (by default a krb5.keytab file).
If the key stored in the key table on the application server does not match the key for this service stored in the Kerberos database, or if the application does not have access to read the key from the table, the application will not be capable of completing its side of the Kerberos transaction.