Troubleshooting Kerberos server in i5/OS PASE

You can access status and informational log files to troubleshoot Kerberos server in i5/OS^® PASE. During configuration of a Kerberos server in i5/OS PASE, the authentication server and the administration server are created. These servers write status and informational messages to a log file located in the /var/krb5/log directory. This log file, krb5kdc.log, contains messages that can help the administrator troubleshoot problems with configuration and authentication requests.

Access Kerberos server log files in i5/OS PASE. On the System i™ platform that you have the Kerberos server configured in i5/OS PASE, complete these steps:

1. At a character-based interface, type QP2TERM. This command opens an interactive shell environment that allows you to work with i5/OS PASE applications.

2. At the command line, type cd /var/krb5/log.

3. At the command line, type cat /krb5kdc.log. This will open the krb5kdc.log file that contains error messages for the i5/OS PASE KDC.

$ 
AS_REQ (3 etypes {16 3 1}) 10.1.1.2(88): NEEDED_PREAUTH: 
jday@SYSTEMA.MYCO.COM for kadmin/changepw@SYSTEMA.MYCO.COM, 
Additional pre-authentication required 
Apr 30 14:18:08 systema.myco.com /usr/krb5/sbin/krb5kdc[334](info): 
AS_REQ (3 etypes {16 3 1}) 10.1.1.2(88): ISSUE: authtime 1051730288, 
etypes {rep=16 tkt=16 ses=16}, jday@SYSTEMA.MYCO.COM for 
kadmin/changepw@SYSTEMA.MYCO.COM 

Apr 30 14:18:56 systema.myco.com /usr/krb5/sbin/krb5kdc[334](Notice): AS_REQ (3 etypes {16 3 1}) 10.1.1.2(88): NEEDED_PREAUTH: 
jday@SYSTEMA.MYCO.COM for kadmin/changepw@SYSTEMA.MYCO.COM, 
Additional pre-authentication required 

Apr 30 14:18:56 systema.myco.com /usr/krb5/sbin/krb5kdc[334](info): 
DISPATCH: replay found and re-transmitted $