|
|
| Troubleshooting |
|
|
| Troubleshooting Kerberos |
Table | Troubleshooting Scenarios (Continued) |
| |
|
|
|
|
| Clock skew too great in | This problem generally | You must run NTP or |
| KDC reply while getting | occurs because the clock | a similar service to |
| initial credentials. | of the system deviates | keep your system |
|
| too much from the time | clock synchronize |
|
| on the authenticating | with the atomic clock |
|
| KDC. A clock skew time | of the world. If you do |
|
| of up to 5 minutes is | not know how to do |
|
| allowed. | this, contact your |
|
|
| system administrator |
|
|
| to resolve this |
|
|
| problem. |
|
|
|
|
| Requesting host | The host uses the |
|
| principal without fully | /etc/hosts file to |
|
| qualified domain name. | resolve name lookups |
|
| Server not found in the | before using DNS. This |
|
| problem occurs when the |
| |
| Kerberos database while |
| |
| entry for the host in the |
| |
| getting the credentials |
| |
| /etc/hosts file contains |
| |
| from KDC. |
| |
| unqualified domain |
| |
|
|
| |
| Incorrect network | name before the fully |
|
| address while getting | qualified domain name. |
|
| credentials from KDC. | This problem can also |
|
|
|
| |
|
| occur if the /etc/hosts |
|
|
| file has a different IP |
|
|
| address for a host from |
|
|
| what the DNS server |
|
|
| has. |
|
|
|
|
|
| The | The krb.conf file has | Copy the sample file, |
| /opt/krb5/krb.conf | not been created. | krb.conf.sample, |
| file not found. |
| from |
|
|
| /opt/krb5/example |
|
|
| and edit accordingly. |
|
|
|
|
| Cannot open or find the | This problem occurs | Copy the sample file, |
| configuration file while | when you try to create | krb.conf.sample, |
| initializing the Kerberos | the database and the | from |
| code. | krb.conf file is not | /opt/krb5/example |
|
| found in the /opt/krb5 | and edit accordingly. |
|
| directory. |
|
|
|
|
|
|
|
|
|
Chapter 11 | 297 |