Obtaining a TGT for a BMC Server Automation client (UNIX only)

Users of the BMC Server Automation Console and the blcred utility running on a UNIX host must manually run a kinit to obtain a ticket-gathering ticket (TGT).

The TGT is the AD/Kerberos user credential that domain users must authenticate with the BMC Server Automation Authentication Service. This procedure must be performed every time a user needs a TGT on a UNIX client. If a user already has a valid TGT, this procedure is not necessary. Although the life span of a TGT is configurable, typically a TGT is valid for 10 hours.

This procedure is only necessary in UNIX environments. If you are using a Windows client, skip this procedure.

To obtain a TGT for a BMC Server Automation client

  1. Copy blclient_krb5.conf to /etc/krb5.conf.
    • If you are not already using krb5.conf, you can replace the existing version of krb5.conf by renaming the copy of blclient_krb5.conf.
    • If you already use krb5.conf, then you must integrate the contents of blclient_krb5.conf with the contents of krb5.conf.
  2. To obtain a TGT, run the following command:
    <utilityPath>/kinit <userName>
    In this command, <utilityPath> provides the path to the kinit utility. If you do not have kinit installed, you must first obtain it. There are many online sources for Kerberos utilities such as kinit.
    The user name you provide for the kinit command does not have to be fully qualified. The name you provide is associated with the client's realm, identified when you created the client's blclient_krb5.conf file.

Where to go from here

Set up authentication profiles using AD/Kerberos authentication on the BMC Server Automation client. See Authentication profiles and Managing authorizations.

Was this page helpful? Yes No Submitting... Thank you

Comments