Posts tagged with: debug

Kerberos client howto

If you need debugging on client side, Kerberos doesn’t do a lot of things for you.

You can then position the KRB5_TRACE environment variable, standard system out shall be enough for your needs !

[root@dn01 ~]# env KRB5_TRACE=/dev/stdout kinit -kt /etc/security/keytabs/hbase.headless.keytab hbase
[21232] 1444825930.913224: Getting initial credentials for hbase@REALM
[21232] 1444825930.914101: Looked up etypes in keytab: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac
[21232] 1444825930.914173: Sending request (198 bytes) to REALM
[21232] 1444825930.914599: Sending initial UDP request to dgram 192.168.1.88:88
[21232] 1444825930.918945: Received answer from dgram 192.168.1.88:88
[21232] 1444825930.919086: Response was from master KDC
[21232] 1444825930.919142: Received error from KDC: -1765328359/Additional pre-authentication required
[21232] 1444825930.919236: Processing preauth types: 136, 19, 2, 133
[21232] 1444825930.919257: Selected etype info: etype aes256-cts, salt "(null)", params ""
[21232] 1444825930.919265: Received cookie: MIT
[21232] 1444825930.919598: Retrieving hbase@REALM from FILE:/etc/security/keytabs/hbase.headless.keytab (vno 0, enctype aes256-cts) with result: 0/Success
[21232] 1444825930.919650: AS key obtained for encrypted timestamp: aes256-cts/0B3B
[21232] 1444825930.919754: Encrypted timestamp (for 1444825930.919656): plain 301AA011180F32303135313031343132333231305AA10502030E0868, encrypted DD77AE6EF5A9EFFA1A546BC34E964986BAFF339C5695B68A70689B84707503DB3FF2ECA23A30BFB5C4306E81EFFD445284E6328E9757501D
[21232] 1444825930.919778: Preauth module encrypted_timestamp (2) (flags=1) returned: 0/Success
[21232] 1444825930.919787: Produced preauth for next request: 133, 2
[21232] 1444825930.919817: Sending request (293 bytes) to REALM (master)
[21232] 1444825930.919977: Sending initial UDP request to dgram 192.168.1.88:88
[21232] 1444825930.927790: Received answer from dgram 192.168.1.88:88
[21232] 1444825930.927858: Processing preauth types: 19
[21232] 1444825930.927871: Selected etype info: etype aes256-cts, salt "(null)", params ""
[21232] 1444825930.927879: Produced preauth for next request: (empty)
[21232] 1444825930.927888: Salt derived from principal: REALMhbase
[21232] 1444825930.927903: AS key determined by preauth: aes256-cts/0B3B
[21232] 1444825930.928019: Decrypted AS reply; session key is: aes256-cts/4F13
[21232] 1444825930.928054: FAST negotiation: available
[21232] 1444825930.928099: Initializing FILE:/tmp/krb5cc_0 with default princ hbase@REALM
[21232] 1444825930.928497: Removing hbase@REALM -> krbtgt/REALM@REALM from FILE:/tmp/krb5cc_0
[21232] 1444825930.928516: Storing hbase@REALM -> krbtgt/REALM@REALM in FILE:/tmp/krb5cc_0
[21232] 1444825930.928687: Storing config in FILE:/tmp/krb5cc_0 for krbtgt/REALM@REALM: fast_avail: yes
[21232] 1444825930.928732: Removing hbase@REALM -> krb5_ccache_conf_data/fast_avail/krbtgt\/REALM\@REALM@X-CACHECONF: from FILE:/tmp/krb5cc_0
[21232] 1444825930.928748: Storing hbase@REALM -> krb5_ccache_conf_data/fast_avail/krbtgt\/REALM\@REALM@X-CACHECONF: in FILE:/tmp/krb5cc_0
[root@dn01 ~]#