When AIX is configured to use LAM (Loadable Authentication Module) and LAM is configured to use the standard AIX Kerberos configuration, AIX generates a credentials cache file that is not the default expected by Kerberos applications and the Generic Security Services Application Program Interface (GSS API).

AIX Kerberos generates a Process Authentication Group- (PAG) style Kerberos ticket in the credentials cache as opposed to a Unique Identification- (UID) style Kerberos ticket.

If an application using Kerberos authentication relies on finding the default UID-based cache, that application fails to authenticate unless the application can override this behavior and use the PAG-based cache instead. The SQL Server Driver for AIX from DataDirect can fail to authenticate if the driver is configured to use Kerberos authentication.

To override the defaults, the following environment variables must be set accordingly:

• export ELSPAGCACHE=1

Setting this variable to 1 enables the code to override the defaults and look for PAG-style Kerberos tickets instead of UID-style tickets.

• export ELSREALMNAME=Kerberos Realm Name

Set this variable to the Kerberos Realm Name only if the auth_domain variable is not already set in /etc/security/user file.

• export ELSCACHELOC=Location of the PAG cache files

Set this variable to the location of the PAG cache files if they are not in the default location, which is /var/krb5/security/creds.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

A fix for this issue for Base SAS 9.21_M3 is available at: