Setting Environment Variables for Kerberos

Some Generic Security Services Application Program Interface (GSSAPI) Kerberos implementations require that environment variables must be set to allow for ticket-based authentication. 

The following is a list of variables that must be set.

Note: KRB5CCNAME and KRB5_CONFIG are required for MIT Kerberos/KFW and Heimdal. Other C/C++ GSSAPI libraries may have their own configuration requirements.
Environment Variables for Kerberos
Variable Value
ESP_GSSAPI_LIB

The path of the shared library file containing the GSSAPI function implementations.

  • libgssapi32.dll on Windows for MIT KFW
  • libgssapi.so for Heimdal
  • libgssapi_krb5.so for MIT Kerberos

Example:

<Root>/bin/gssapi32.dll
<Root>/krb/lib/libgssapi_krb5.so 
Note: You may need to modify either the PATH or LD_LIBRARY_PATH variables by adding additional directory paths. This is done in order to satisfy any dependancy that the GSSAPI libary may have.

Here is an example of a file path for a PATH variable:

<Root>/bin;%PATH%

Here is an example of a file path for a LD_LIBRARY_PATH variable:

<Root>/lib:$LD_LIBRARY_PATH
ESP_SERVICE_NAME

The ESP cluster/service principal name.

Example:

esp/myhost
KRB5CCNAME

The ticket cache.

Example:

<Root>/Documents and Settings/user/krb5cc_user
<Root>/tmp/krb5cc_1000 
KRB5_CONFIG

The Kerberos configuration file used by the Kerberos Library.

Example:

<Root>/kfw/krb5.ini
<Root>/krb/etc/krb5.conf