Troubleshooting
General Errors
Chapter 11 303
General Errors
Following are the general errors that you may encounter while setting up
your Kerberos server:
• Ensure that the Domain Name Server (DNS) is working properly.
Several aspects of Kerberos rely on this name service. It is important
that your DNS entries and your hosts have the correct information.
The canonical name of each host must be a fully qualified host name,
including the domain, and each IP address of the host must resolve
to the respective canonical name.
• Ensure that you remove all trailing spaces in the configuration files.
Trailing spaces can cause problems with the server. If trailing spaces
are present in the configuration file, the following error message
appears:
kdcd cannot start the database for the realm
• The Kerberos daemons kdcd and kadmind, by default, do not dump
core.
If you, as the administrator, want the kadmind daemon to dump core,
you need to create a DEBUG file in the directory
/var/adm/krb5/kadmind/DEBUG, with setuid bit set.
If you need the kdcd daemon to dump core, you must create a DEBUG
file in the directory /var/adm/krb5/kdc/DEBUG with the setuid bit
set.
Forgotten Passwords
If a user forgets the password, you must reset the password. To reset the
password, you must have the following correct administrative
permissions:
• i for Inquire About Principals.
• c for Change Principal Passwords.
Using the graphical user interface or the command-line administrator,
change the password and inform the user of the new temporary
password. By default, the user must change the password on the next
logon.
