diff options
| author | Ben Kaduk <kaduk@mit.edu> | 2012-11-06 22:15:50 -0500 |
|---|---|---|
| committer | Ben Kaduk <kaduk@mit.edu> | 2012-11-14 15:31:13 -0500 |
| commit | ccaf2682c79974cee368d2f3b0611dabc1361df5 (patch) | |
| tree | bf852491bce076326a300a3494fccb8dc0809562 /doc/admin/troubleshoot.rst | |
| parent | 07b66c2220ad1b38c5465cacc2537096afe332d2 (diff) | |
| download | krb5-ccaf2682c79974cee368d2f3b0611dabc1361df5.tar.gz krb5-ccaf2682c79974cee368d2f3b0611dabc1361df5.tar.xz krb5-ccaf2682c79974cee368d2f3b0611dabc1361df5.zip | |
Rename doc subdirectories
We like these names better, and they match the PDF document filenames.
admins -> admin
appldev -> appdev
users -> user
and catch up where the names are used elsewhere.
The relay/ directory has been removed, with its contents moved to the
top level in build_this.rst and a new about.rst.
The section headers for kadmind, krb5kdc, sserver, kpasswd, kswitch,
and sclient are misdetected as conflict markers.
bigredbutton: whitespace
ticket: 7433
tags: pullup
Diffstat (limited to 'doc/admin/troubleshoot.rst')
| -rw-r--r-- | doc/admin/troubleshoot.rst | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/doc/admin/troubleshoot.rst b/doc/admin/troubleshoot.rst new file mode 100644 index 0000000000..7dc25795d8 --- /dev/null +++ b/doc/admin/troubleshoot.rst @@ -0,0 +1,53 @@ +Troubleshooting +=============== + +Trace logging +------------- + +Most programs using MIT krb5 1.9 or later can be made to provide +information about internal krb5 library operations using trace +logging. To enable this, set the **KRB5_TRACE** environment variable +to a filename before running the program. On many operating systems, +the filename ``/dev/stdout`` can be used to send trace logging output +to standard output. + +Some programs do not honor **KRB5_TRACE**, either because they use +secure library contexts (this generally applies to setuid programs and +parts of the login system) or because they take direct control of the +trace logging system using the API. + +Here is a short example showing trace logging output for an invocation +of the :ref:`kvno(1)` command:: + + shell% env KRB5_TRACE=/dev/stdout kvno krbtgt/KRBTEST.COM + [9138] 1332348778.823276: Getting credentials user@KRBTEST.COM -> + krbtgt/KRBTEST.COM@KRBTEST.COM using ccache + FILE:/me/krb5/build/testdir/ccache + [9138] 1332348778.823381: Retrieving user@KRBTEST.COM -> + krbtgt/KRBTEST.COM@KRBTEST.COM from + FILE:/me/krb5/build/testdir/ccache with result: 0/Unknown code 0 + krbtgt/KRBTEST.COM@KRBTEST.COM: kvno = 1 + +List +---- + +.. error:: KDC has no support for encryption type while getting + initial credentials + +.. error:: credential verification failed: KDC has no support for + encryption type + +This most commonly happens when trying to use a principal with only +DES keys, in a release (MIT krb5 1.7 or later) which disables DES by +default. DES encryption is considered weak due to its inadequate key +size. If you cannot migrate away from its use, you can re-enable DES +by adding ``allow_weak_crypto = true`` to the :ref:`libdefaults` +section of :ref:`krb5.conf(5)`. + +Seen in: clients + +---- + +.. include:: ./install_kdc.rst + :start-after: _prop_failed_start: + :end-before: _prop_failed_end: |