HP CIFS Client A.01.09 Administrator's Guide, August 2003
CIFS Authentication Using Kerberos
Troubleshooting Kerberos in the HP CIFS Client
Chapter 4 51
Troubleshooting Kerberos in the HP CIFS
Client
• cifsTrace
Informative log messages will be produced by Kerberos processing in
the HP CIFS Client log file if the cifsTrace log level is enabled.
• Temporary credentials files
When Kerberos authentication is used, the HP CIFS Client utilizes a
temporary file to store users’ credentials during login processing.
There is one temporary credentials file per user per server. Kerberos
tickets are not reused by the HP CIFS Client. Hence, when the user’s
login processing is completed, the temporary file is removed.
If the temporary credential files are required for troubleshooting, the
files can be preserved by setting the configuration variable,
rmTempKerbCredFiles, to no. You can then examine and remove the
files with the standard Kerberos Client utilities, klist(1) and
kdestroy(1). Use the -c cache_filename option with these command,
specifying filenames in the followng form:
/var/opt/cifsclient/krb5_tmp/krb5cc_
servername_uid
where servername is the CIFS server and uid is the user’s Unix uid
on the local HP-UX host on which the CIFS Client is running.
As a convenience, the cifsclient control script can also be used to
operate on these credentials files without referring to file or path
names. Enter cifsclient -h for a syntax summary.
• Basic Kerberos functionality
If you suspect that basic functionality of your Kerberos
infrastructure is not working properly, repeat the verification checks
in step 2.
• If you wish to set authenticationLevel for specific servers to a
value different from the global setting in the defaultServer section
of the configuration file, you can create server specific options in the
servers section. The servers section of the configuration file is
discussed near the end of Chapter 7, and the configuration file itself
contains a sample servers entry.