TNS-12687: Credentials expired.

Mehmet Salih Deveci May 9, 2020 Leave a comment

Hi,

Sometimes You can get “TNS-12687: Credentials expired.  ” error.

 

Details of error are as follows.

TNS-12687: Credentials expired.
Cause: The credentials that are used to authenticate the user for the requested connection have expired.
Action: Renew your credentials. Refer to the documentation specific for your Network Authentication Adapter on how to do this.

 

 

When trying to connect using password authentication with the kerberos already configured and enabled, then the password authentication fails with the below error.

 

[oracle@<target_db_hotsname>]$ rman target / catalog=rman/rman@"(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=<hostname>)(PORT=1521))(CONNECT_DATA=(SID=<sid>)))"
Recovery Manager: Release 12.1.0.2.0 - Production on Mon Sep 16 16:48:40 2019

Copyright (c) 1982, 2014, Oracle and/or its affiliates. All rights reserved.

connected to target database: <DB name> (DBID=<DB id>)
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-00554: initialization of internal recovery manager package failed
RMAN-04004: error from recovery catalog database: 
ORA-12687: Credentials expired.

or


[oracle@<target_db_hotsname>]$ sqlplus rman/<password>@<RMANCAT_DB>

SQL*Plus: Release 12.1.0.2.0 Production on Mon Sep 16 15:14:56 2019

Copyright (c) 1982, 2014, Oracle. All rights reserved.

ERROR:
ORA-12687: Credentials expired.

 

ORA-12687 error is specific to Kerberos authentication and it indicates that the ticket being used to connect to the database via Kerberos authentication is expired and a new one must be requested.

 

To display the list of service tickets obtained by the user, run the oklist utility from the Oracle client.i.e target db home in this scenario.
[oracle@<target_db_hostname>]$ oklist

To destroy the expired tickets obtained by the client, run the okdstry utility.

[oracle@<target_db_hostname>]$ okdstry

After running okdstry, the user’s expired ticket gets removed and those tickets are no longer visible when oklist command is run again.

Do you want to learn more details about RMAN, then read the following articles.

https://ittutorial.org/rman-backup-restore-and-recovery-tutorials-for-beginners-in-the-oracle-database/

 

About Mehmet Salih Deveci

I am Founder of SysDBASoft IT and IT Tutorial and Certified Expert about Oracle & SQL Server database, Goldengate, Exadata Machine, Oracle Database Appliance administrator with 10+years experience.I have OCA, OCP, OCE RAC Expert Certificates I have worked 100+ Banking, Insurance, Finance, Telco and etc. clients as a Consultant, Insource or Outsource.I have done 200+ Operations in this clients such as Exadata Installation & PoC & Migration & Upgrade, Oracle & SQL Server Database Upgrade, Oracle RAC Installation, SQL Server AlwaysOn Installation, Database Migration, Disaster Recovery, Backup Restore, Performance Tuning, Periodic Healthchecks.I have done 2000+ Table replication with Goldengate or SQL Server Replication tool for DWH Databases in many clients.If you need Oracle DBA, SQL Server DBA, APPS DBA,  Exadata, Goldengate, EBS Consultancy and Training you can send my email adress [email protected].-                                                                                                                                                                                                                                                 -Oracle DBA, SQL Server DBA, APPS DBA,  Exadata, Goldengate, EBS ve linux Danışmanlık ve Eğitim için  [email protected] a mail atabilirsiniz.

Leave a Reply

Your email address will not be published. Required fields are marked *

Powered by IT Tutorial | Designed by SysDBASoft IT
IT Tutorial © Copyright 2024, All Rights Reserved