HP CIFS Client A.02.01 Administrator's Guide
Troubleshooting and Error Messages
Troubleshooting Kerberos in the HP CIFS Client
Chapter 694
Troubleshooting Kerberos in the HP CIFS
Client
• cifsTrace, authentication log levels
Informative log messages will be produced by Kerberos processing in
the HP CIFS Client log file if the cifsTrace and authentication
log levels are enabled.
• Temporary credentials files
When Kerberos authentication is used, the HP CIFS Client utilizes a
temporary file to store users’ credentials during login processing.
There is one temporary credentials file per user per server. Kerberos
tickets are not reused by the HP CIFS Client. Hence, when the user’s
login processing is completed, the temporary file is removed.
For troubleshooting, the temporary credential files can be preserved
by setting the configuration variable rmTempKerbCredFiles to no.
You can then examine and remove the files with the standard
Kerberos Client utilities, klist(1) and kdestroy(1). Use the -c
cache_filename option with these commands, specifying filenames in
the followng form:
/var/opt/cifsclient/krb5_tmp/krb5cc_
servername_uid
where servername is the CIFS server and uid is the user’s Unix uid
on the local HP-UX host on which the CIFS Client is running.
As a convenience, the cifsclient control script can also be used to
operate on these credentials files without referring to file or path
names. Enter cifsclient -h for a syntax summary.
• Basic Kerberos functionality
If you suspect that basic functionality of your Kerberos
infrastructure is not working properly, repeat the verification checks
in step 2.
• If you wish to set authenticationMethod for specific servers to a
value different from the global setting in the default Server
section of the configuration file, you can create server-specific options