Hi Andreas,
We got the exact same error as you did [ we are on RHEL 6.4] while using the snc/gssapi/lib=libgssapi_krb5.so.
I saw that you were able to resolve your problem by changing the API to the new RHEL 6 relevant file i.e./lib64/libgssglue.so.1 .
I tried to modify our parameter to the value snc/gssapi/lib = /lib64/libgssglue.so.1 .
We already have the packages krb5-libs & krb5-workstation installed . However we are getting a different error now
*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3364]
N GSS-API(maj): Unspecified GSS failure. Minor code may provide more information
N GSS-API(min): No key table entry found for SBQADM/<FQDN>@<MYDOMAIN.COM>
N Unable to establish the security context
N <<- SncProcessInput()==SNCERR_GSSAPI
M *** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c 1035]
M {root-id=00221982BAFF1EE4858070692A83CB23}_{conn-id=00000000000000000000000000000000}_0
M *** ERROR => ThSncIn: SncProcessInput [thxxsnc.c 1040]
M {root-id=00221982BAFF1EE4858070692A83CB23}_{conn-id=00000000000000000000000000000000}_0
Our Kerberos level authentication from Linux to the AD happens correctly via both the SAPServiceSBQ & the SBQADM users i.e. when AD level SPN is created as SAPServiceSBQ or SBQADM
SBQADM
=========
orsapbisbx01:sbqadm 51> kinit -V -f -k SBQADM/<FQDN>@<MYDOMAIN.COM>
Using default cache: /tmp/krb5cc_500
Using principal: SBQADM/<FQDN>@<MYDOMAIN.COM>
Authenticated to Kerberos v5
orsapbisbx01:sbqadm 52>
orsapbisbx01:sbqadm 121> klist -e
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: SBQADM/<FQDN>@<MYDOMAIN.COM>
Valid starting Expires Service principal
07/25/14 06:19:27 07/25/14 16:19:27 krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
renew until 08/01/14 06:19:27, Etype (skey, tkt): arcfour-hmac, arcfour-hmac
orsapbisbx01:sbqadm 122>
SAPServiceSBQ
=================
orsapbisbx01:sbqadm 61> kinit -V -k SAPServiceSBQ/<FQDN>@<MYDOMAIN.COM>
Using default cache: /tmp/krb5cc_500
Using principal: SAPServiceSBQ/<FQDN>@<MYDOMAIN.COM>
Authenticated to Kerberos v5
orsapbisbx01:sbqadm 62> klist
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: SAPServiceSBQ/<FQDN>@<MYDOMAIN.COM>
Valid starting Expires Service principal
07/25/14 02:22:24 07/25/14 12:22:29 krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
renew until 08/01/14 02:22:24
orsapbisbx01:sbqadm 63>
Any help will be greatly appreciated, as we are fighting with kerberos for nearly 2 weeks now.
Regards
Prashant