Troubleshooting Kerberos

Review the considerations when troubleshooting Kerberos security issues.

  • The Java reference implementation supports only the DES encryption type. You must configure your Active Directory and KDC principals to use DES encryption.

  • The value of the SERVICE_PRINCIPAL_NAME property must be set to the same name you specify with the -s option when you start your data server.

  • Check the krb5.conf and krb5.ini files. For CyberSafe clients, check the krb.conf and krb.realms files or DNS SRV records.

  • You can set the debug property to true in the JAAS login configuration file.

  • You can set the debug property to true at the command line:

    -Dsun.security.krb5.debug=true
  • The JAAS login configuration file provides several options that you can set for your particular needs. For information about JAAS and the Java GSS API, refer to:
Parent topic: Kerberos