A SERVICE OF

logo

Open as PDF
next previous
Troubleshooting
Troubleshooting Kerberos
Chapter 11 297
Clock skew too great in
KDC reply while getting
initial credentials.
This problem generally
occurs because the clock
of the system deviates
too much from the time
on the authenticating
KDC. A clock skew time
of up to 5 minutes is
allowed.
You must run NTP or
a similar service to
keep your system
clock synchronize
with the atomic clock
of the world. If you do
not know how to do
this, contact your
system administrator
to resolve this
problem.
Requesting host
principal without fully
qualified domain name.
Server not found in the
Kerberos database while
getting the credentials
from KDC.
Incorrect network
address while getting
credentials from KDC.
The host uses the
/etc/hosts file to
resolve name lookups
before using DNS. This
problem occurs when the
entry for the host in the
/etc/hosts file contains
unqualified domain
name before the fully
qualified domain name.
This problem can also
occur if the /etc/hosts
file has a different IP
address for a host from
what the DNS server
has.
The
/opt/krb5/krb.conf
file not found.
The krb.conf file has
not been created.
Copy the sample file,
krb.conf.sample,
from
/opt/krb5/example
and edit accordingly.
Cannot open or find the
configuration file while
initializing the Kerberos
code.
This problem occurs
when you try to create
the database and the
krb.conf file is not
found in the /opt/krb5
directory.
Copy the sample file,
krb.conf.sample,
from
/opt/krb5/example
and edit accordingly.
Table 11-2 Troubleshooting Scenarios (Continued)