Troubleshooting
General Errors
security administrator may have purposefully locked a principal account so it could temporarily not be used. In each case, the principal remains in the principal database, but is unable to use Kerberos services.
To unlock a principal account, use either the Administrator or
Using the Administrator:
1. Go to the Principal information window - Principals tab.
2. Select the Attributes tab.
3. Clear the Lock Principal box.
You must have the correct administrative permissions, i for Inquire About Principals and m for Modify Principals, to lock or unlock an account.
Using the
1. Invoke the tool by typing kadmin at the command line prompt.
2. Use the mod [principal] attr {lock | unlock} command.
Clock Synchronization
While client clocks are not required to be closely synchronized with the security server or application server, we recommend that you do loosely synchronize all client clocks with the server.
In the event that the client clock is outside the permitted clock skew of five minutes, you will see entries in the client systems log file that indicate the condition.
To eliminate the warnings, synchronize the client clock with the server to within five minutes.
NOTE: You must closely synchronize all security server and application server clocks. We recommend that you implement a secured time service to ensure that all clocks are synchronized.
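One way to check a client against the five-minute clock skew described above, as an added example that is not part of the original manual: it computes the client/server offset from the timestamps in an SNTP reply and compares it with the limit. The reply bytes are constructed sample data and all function names are hypothetical.

```python
import struct

NTP_UNIX_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MAX_SKEW_SECONDS = 5 * 60     # permitted clock skew stated in the text above

def to_ntp(unix_time):
    """Encode a Unix time as a 64-bit NTP timestamp (seconds + fraction)."""
    seconds = int(unix_time)
    fraction = int((unix_time - seconds) * 2**32)
    return struct.pack("!II", seconds + NTP_UNIX_DELTA, fraction)

def from_ntp(raw):
    """Decode a 64-bit NTP timestamp into Unix time."""
    seconds, fraction = struct.unpack("!II", raw)
    return seconds - NTP_UNIX_DELTA + fraction / 2**32

def build_reply(t1, t2, t3):
    """Constructed sample data: a 48-byte SNTP server reply (version 4, mode 4)."""
    header = struct.pack("!BBbb", (4 << 3) | 4, 2, 6, -20)  # LI/VN/mode, stratum, poll, precision
    # 20 zero bytes stand in for root delay, root dispersion, reference ID and reference timestamp.
    return header + bytes(20) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)

def clock_offset(reply, t4):
    """Return (server clock - client clock) in seconds.

    t4 is the client's clock reading when the reply arrived."""
    if len(reply) < 48:
        raise ValueError("truncated SNTP reply")
    if reply[0] & 0x07 != 4 or reply[1] == 0:
        raise ValueError("not a usable server reply (wrong mode or stratum 0)")
    t1 = from_ntp(reply[24:32])   # originate: client clock at send
    t2 = from_ntp(reply[32:40])   # receive: server clock at arrival
    t3 = from_ntp(reply[40:48])   # transmit: server clock at send
    return ((t2 - t1) + (t3 - t4)) / 2

def within_skew(offset, max_skew=MAX_SKEW_SECONDS):
    """True when the client is inside the permitted clock skew."""
    return abs(offset) <= max_skew

if __name__ == "__main__":
    sent = 1700000000.0                                        # constructed client send time
    reply = build_reply(sent, sent + 400.25, sent + 400.25)    # server runs 400 s ahead
    offset = clock_offset(reply, sent + 0.5)
    print(f"offset {offset:+.2f} s, within skew: {within_skew(offset)}")
```

Plain SNTP replies are unauthenticated, so a measurement like this is a diagnostic aid and not a substitute for the secured time service the NOTE recommends.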