Troubleshoot Kerberos server in i5/OS™ PASE by accessing status and informational
log files.
During configuration of a Kerberos server in i5/OS PASE, the authentication server and
the administration server are created. These servers write status and informational
messages to a log file located in the /var/krb5/log directory.
This log file, krb5kdc.log contains messages that can help the administrator
troubleshoot problems with configuration and authentication requests.
Access Kerberos server log files in i5/OS PASE On the iSeries™ server
that you have the Kerberos server configured in i5/OS PASE, complete these steps:
- At a character-based interface, type QP2TERM. This command opens an interactive shell environment that allows you
to work with i5/OS PASE
applications.
- At the command line, type cd /var/krb5/log.
- At the command line, type cat /krb5kdc.log. This will open the krb5kdc.log file that contains error messages for
the i5/OS PASE
KDC.
Example krb5kdc.log file
The following sample log contains
several messages
$
AS_REQ (3 etypes {16 3 1}) 10.1.1.2(88): NEEDED_PREAUTH:
jday@ISERIESA.MYCO.COM for kadmin/changepw@ISERIESA.MYCO.COM,
Additional pre-authentication required
Apr 30 14:18:08 iseriesa.myco.com /usr/krb5/sbin/krb5kdc[334](info):
AS_REQ (3 etypes {16 3 1}) 10.1.1.2(88): ISSUE: authtime 1051730288,
etypes {rep=16 tkt=16 ses=16}, jday@ISERIESA.MYCO.COM for
kadmin/changepw@ISERIESA.MYCO.COM
Apr 30 14:18:56 iseriesa.myco.com /usr/krb5/sbin/krb5kdc[334](Notice):
AS_REQ (3 etypes {16 3 1}) 10.1.1.2(88): NEEDED_PREAUTH:
jday@ISERIESA.MYCO.COM for kadmin/changepw@ISERIESA.MYCO.COM,
Additional pre-authentication required
Apr 30 14:18:56 iseriesa.myco.com /usr/krb5/sbin/krb5kdc[334](info):
DISPATCH: replay found and re-transmitted
$