Troubleshooting

Troubleshooting Kerberos


When troubleshooting problems with Kerberos, you need a reference point from which to work. For example, is the problem on the remote system or on the local system? However, the terms “local” and “remote” are limited in their description of complex communications, such as when a local system logs on to a remote system and then the remote system logs back onto the local system. At that point, which is the local system and which is the remote system?

A better solution is to use the terms “client” and “server”. The term “client” refers to a process that requests a service from another process. The term “server” refers to a process or a host that performs operations requested by local or remote hosts that are running client processes.

A typical network service consists of two co-operating programs. The client program runs on the requesting system. The server program runs on the system with which you want your system to communicate. The client program initiates requests to communicate. The server program accepts requests for communication. For example, the network service rlogin is a client program that requests a logon to a remote HP-UX or UNIX system. When inetd receives the request to log on to the remote host, inetd invokes the server program for rlogin (called rlogind) to handle the service request.

Error Messages

The error messages that a service displays on the client can be generated by either the client or the server. Error messages from the client occur before a connection is completely established. Error messages from the server occur after a connection is completely established.

Logging Capabilities

The security server handles the system logging differently.


Chapter 11