ITEM: H5852L
DCE error - requested key is not available with Encina PPC Gateway
Question:
Customer is trying to connect CICS/6000 to CICS on a mainframe.
They have DCE, SNA, and CICS configured. When the PPC gateway
is started, it fails with the following error:
DCE-SEC-0067 requested key is not available (ox74182e66):ppcgwy
1F trdce_seclogincontextcreatefailed
Response:
This is caused by either no keytab entry for the DCE principal in the
keytab file or the password keys being out of sync between the keytab
file and the registry.
To correct this problem do the following:
- Log in to AIX as root or the AIX user that owns the keytab file
- dce_login as cell_admin, or a principal that is a member of the group
"acct-admin".
- List the contents of the keytab file. The default keytab file is
/krb5/v5srvtab. If you need to look at a different keytab file, use the
"-f /path/keytab_filename" option with any rgy_edit "kt..." command.
# rgy_edit
Current site: registry server at /.../dce_cellname/subsys/dce/sec/master
rgy_edit=> ktlist
/.../dce_cellname/hosts/encina/self 1
/.../dce_cellname/hosts/encina/cds-server 1
/.../dce_cellname/hosts/encina/cds-server 2
/.../dce_cellname/gwyn 52
/.../dce_cellname/cics 1
/.../dce_cellname/guest 1
/.../dce_cellname/cell_admin 13
/.../dce_cellname/cell_admin 14
/.../dce_cellname/gwyn 53
/.../dce_cellname/gwyn 51
- In this case, the principal that needs to be re-synced with the registry
is the "gwyn" principal. First, all except for the last version of the
"gwyn" keytab entry should be deleted. For "gwyn" the last version is
53. So versions 51 and 52 should be deleted.
rgy_edit=> ktdelete -p gwyn -v 51
rgy_edit=> ktdelete -p gwyn -v 52
- Set the keytab's key to the same known password as in the registry. If you
don't know it, you will first have to reset the password for the
principal's account in the registry. If this needs to be reset, delete
the last keytab entry for that principal from the keytab file.
rgy_edit=> ktadd -p gwyn
Enter password: enter_gwyn_dce_account_password
Re-enter password to verify: enter_gwyn_dce_account_password
rgy_edit=>
- Set the key value to a more secure random key:
rgy_edit=> ktadd -p gwyn -r -a
- Exit from rgy_edit
rgy_edit=> quit
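The "delete all but the last version" step above can be scripted as a check before anything is typed into rgy_edit. The following is an added example, not part of the original support item: the function names stale_kt_cmds and sample_ktlist are hypothetical, the sample input is the ktlist output shown above, and it assumes the cell name is a single path component after "/.../".

```shell
#!/bin/sh
# Added example (not from the original support item).

# Sample input: the ktlist output shown in the item above.
sample_ktlist() {
cat <<'EOF'
/.../dce_cellname/hosts/encina/self 1
/.../dce_cellname/hosts/encina/cds-server 1
/.../dce_cellname/hosts/encina/cds-server 2
/.../dce_cellname/gwyn 52
/.../dce_cellname/cics 1
/.../dce_cellname/guest 1
/.../dce_cellname/cell_admin 13
/.../dce_cellname/cell_admin 14
/.../dce_cellname/gwyn 53
/.../dce_cellname/gwyn 51
EOF
}

# stale_kt_cmds PRINCIPAL
# Reads ktlist output on stdin and prints one "ktdelete" line for every
# key version of PRINCIPAL except the highest one, in ascending order.
# Prints nothing if the principal has zero or one keytab entries.
stale_kt_cmds() {
    awk -v p="$1" '
        # Only "<full principal name> <numeric version>" lines are entries.
        NF == 2 && $2 ~ /^[0-9]+$/ {
            name = $1
            # Assumption: strip "/.../<cellname>/" to get the short name.
            sub("^/[.][.][.]/[^/]+/", "", name)
            if (name != p) next
            v = $2 + 0
            seen[v] = 1
            if (v > max) max = v
        }
        END {
            for (v in seen)
                if (v + 0 != max) print "ktdelete -p " p " -v " v
        }
    ' | sort -t " " -k 5,5n
}

# Stand-alone run: list the stale "gwyn" entries from the sample.
sample_ktlist | stale_kt_cmds gwyn
```

The output is a list of commands to review and enter at the rgy_edit prompt; the script itself changes nothing in the keytab file or the registry.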
Dated: May 1994 Category: N/A
This HTML file was generated 99/06/24~13:30:47