Gaurang Shah

Reputation: 12930

Kerberos client not generating log file

I have a Kerberos client, and the following is the config of that client for logging.

[logging]
  default = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log
  kdc = FILE:/var/log/krb5kdc.log

However, when I check the files to see the logs, they don't exist. Even if I try to authenticate with a wrong username, it shows the error message on the console only.

kinit -kt gaurang.shah.keytab [email protected]

kinit: Keytab contains no suitable keys for [email protected] while getting initial credentials

Could someone please let me know what I need to do so that all the error messages are redirected to a log file? Also, is there any way to change the verbosity of the logs?

Upvotes: 7

Views: 17721

Answers (2)

oPless

Reputation: 645

If you're using Heimdal, try

[logging]
    default = 0-/FILE:/dev/stderr
    krb5 = 0-/FILE:/dev/stderr

Where the path after FILE: is the logfile you want (in this case spam to stderr).

The 0-/ means use log levels 0-7, so very verbose logging.

The default is 0-3 and that doesn't appear to change using the ENV setting (which only works on the krb5 library anyway).

For further information, the correct man page to RTFM is krb5_initlog in section 3.

Upvotes: 0

Michael-O

Reputation: 18415

This configuration is not intended for the client, as you can see by the filenames. You are looking for the KRB5_TRACE=/path/to/file env var. This works on MIT Kerberos only.

Upvotes: 10
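
An added example (not part of either answer): a POSIX shell wrapper that applies the KRB5_TRACE setting from the answer above to one client command and also appends that command's stderr to the same file, so the console error ends up next to the trace. The function name krb5_traced and the paths in the usage comment are assumptions; this applies to MIT Kerberos only.

```shell
#!/bin/sh
# Added example: run one Kerberos client command with MIT library tracing
# written to a private log file. krb5_traced is a hypothetical helper name.
#
# Usage (constructed values):
#   krb5_traced "$HOME/krb5_trace.log" kinit -kt user.keytab user@EXAMPLE.COM

krb5_traced() {
    # $1 = log file path, remaining arguments = the client command to run
    if [ $# -lt 2 ]; then
        echo "usage: krb5_traced LOGFILE COMMAND [ARGS...]" >&2
        return 2
    fi
    _krb5_log=$1
    shift

    # Create the log owner-only before anything is written to it: trace
    # output names principals and KDC hosts, so it should not be readable
    # by other local users. chmod also tightens a pre-existing file.
    ( umask 077 && : >>"$_krb5_log" ) || return 1
    chmod 600 "$_krb5_log" || return 1

    # KRB5_TRACE is set for this one command only, not exported to the
    # session. stderr is appended to the same file so the client's own
    # error message is kept alongside the library trace.
    # The function returns the client command's exit status.
    KRB5_TRACE=$_krb5_log "$@" 2>>"$_krb5_log"
}
```

Because the variable is set per command, tracing stays off for everything else in the session, and the log can be deleted once the problem is diagnosed.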
