Site icon IT Tutorial

TNS-12687: Credentials expired.


Sometimes You can get “TNS-12687: Credentials expired.  ” error.


Details of error are as follows.

TNS-12687: Credentials expired.
Cause: The credentials that are used to authenticate the user for the requested connection have expired.
Action: Renew your credentials. Refer to the documentation specific for your Network Authentication Adapter on how to do this.



When trying to connect using password authentication with the kerberos already configured and enabled, then the password authentication fails with the below error.


[oracle@<target_db_hotsname>]$ rman target / catalog=rman/rman@"(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=<hostname>)(PORT=1521))(CONNECT_DATA=(SID=<sid>)))"
Recovery Manager: Release - Production on Mon Sep 16 16:48:40 2019

Copyright (c) 1982, 2014, Oracle and/or its affiliates. All rights reserved.

connected to target database: <DB name> (DBID=<DB id>)
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-00554: initialization of internal recovery manager package failed
RMAN-04004: error from recovery catalog database: 
ORA-12687: Credentials expired.


[oracle@<target_db_hotsname>]$ sqlplus rman/<password>@<RMANCAT_DB>

SQL*Plus: Release Production on Mon Sep 16 15:14:56 2019

Copyright (c) 1982, 2014, Oracle. All rights reserved.

ORA-12687: Credentials expired.


ORA-12687 error is specific to Kerberos authentication and it indicates that the ticket being used to connect to the database via Kerberos authentication is expired and a new one must be requested.


To display the list of service tickets obtained by the user, run the oklist utility from the Oracle client.i.e target db home in this scenario.
[oracle@<target_db_hostname>]$ oklist

To destroy the expired tickets obtained by the client, run the okdstry utility.

[oracle@<target_db_hostname>]$ okdstry

After running okdstry, the user’s expired ticket gets removed and those tickets are no longer visible when oklist command is run again.

Do you want to learn more details about RMAN, then read the following articles.


 1,149 views last month,  1 views today

Exit mobile version