diff options
Diffstat (limited to 'crypto/krb5/doc/html/admin/troubleshoot.html')
| -rw-r--r-- | crypto/krb5/doc/html/admin/troubleshoot.html | 44 |
1 files changed, 21 insertions, 23 deletions
diff --git a/crypto/krb5/doc/html/admin/troubleshoot.html b/crypto/krb5/doc/html/admin/troubleshoot.html index 493abbf0b9c9..812508f5b31e 100644 --- a/crypto/krb5/doc/html/admin/troubleshoot.html +++ b/crypto/krb5/doc/html/admin/troubleshoot.html @@ -1,19 +1,17 @@ - <!DOCTYPE html> -<html> +<html lang="en" data-content_root="../"> <head> <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" /> + <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> <title>Troubleshooting — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css" /> - <script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script> - <script src="../_static/jquery.js"></script> - <script src="../_static/underscore.js"></script> - <script src="../_static/doctools.js"></script> + <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> + <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> + <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> + <script src="../_static/documentation_options.js?v=236fef3b"></script> + <script src="../_static/doctools.js?v=888ff710"></script> + <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> <link rel="author" title="About these documents" href="../about.html" /> <link rel="index" title="Index" href="../genindex.html" /> <link rel="search" title="Search" href="../search.html" /> @@ -53,9 +51,9 @@ <div class="body" role="main"> <section id="troubleshooting"> -<span id="troubleshoot"></span><h1>Troubleshooting<a class="headerlink" href="#troubleshooting" title="Permalink to this headline">¶</a></h1> +<span id="troubleshoot"></span><h1>Troubleshooting<a class="headerlink" href="#troubleshooting" title="Link to this heading">¶</a></h1> <section id="trace-logging"> -<span id="id1"></span><h2>Trace logging<a class="headerlink" href="#trace-logging" title="Permalink to this headline">¶</a></h2> +<span id="id1"></span><h2>Trace logging<a class="headerlink" href="#trace-logging" title="Link to this heading">¶</a></h2> <p>Most programs using MIT krb5 1.9 or later can be made to provide information about internal krb5 library operations using trace logging. To enable this, set the <strong>KRB5_TRACE</strong> environment variable @@ -80,9 +78,9 @@ of the <a class="reference internal" href="../user/user_commands/kvno.html#kvno- </div> </section> <section id="list-of-errors"> -<h2>List of errors<a class="headerlink" href="#list-of-errors" title="Permalink to this headline">¶</a></h2> +<h2>List of errors<a class="headerlink" href="#list-of-errors" title="Link to this heading">¶</a></h2> <section id="frequently-seen-errors"> -<h3>Frequently seen errors<a class="headerlink" href="#frequently-seen-errors" title="Permalink to this headline">¶</a></h3> +<h3>Frequently seen errors<a class="headerlink" href="#frequently-seen-errors" title="Link to this heading">¶</a></h3> <ol class="arabic simple"> <li><p><a class="reference internal" href="#init-creds-etype-nosupp"><span class="std std-ref">KDC has no support for encryption type while getting initial credentials</span></a></p></li> <li><p><a class="reference internal" href="#cert-chain-etype-nosupp"><span class="std std-ref">credential verification failed: KDC has no support for encryption type</span></a></p></li> @@ -90,7 +88,7 @@ of the <a class="reference internal" href="../user/user_commands/kvno.html#kvno- </ol> </section> <section id="errors-seen-by-admins"> -<h3>Errors seen by admins<a class="headerlink" href="#errors-seen-by-admins" title="Permalink to this headline">¶</a></h3> +<h3>Errors seen by admins<a class="headerlink" href="#errors-seen-by-admins" title="Link to this heading">¶</a></h3> <ol class="arabic simple" id="prop-failed-start"> <li><p><a class="reference internal" href="#kprop-no-route"><span class="std std-ref">kprop: No route to host while connecting to server</span></a></p></li> <li><p><a class="reference internal" href="#kprop-con-refused"><span class="std std-ref">kprop: Connection refused while connecting to server</span></a></p></li> @@ -98,10 +96,10 @@ of the <a class="reference internal" href="../user/user_commands/kvno.html#kvno- </ol> <hr class="docutils" id="prop-failed-end" /> <section id="kdc-has-no-support-for-encryption-type-while-getting-initial-credentials"> -<span id="init-creds-etype-nosupp"></span><h4>KDC has no support for encryption type while getting initial credentials<a class="headerlink" href="#kdc-has-no-support-for-encryption-type-while-getting-initial-credentials" title="Permalink to this headline">¶</a></h4> +<span id="init-creds-etype-nosupp"></span><h4>KDC has no support for encryption type while getting initial credentials<a class="headerlink" href="#kdc-has-no-support-for-encryption-type-while-getting-initial-credentials" title="Link to this heading">¶</a></h4> </section> <section id="credential-verification-failed-kdc-has-no-support-for-encryption-type"> -<span id="cert-chain-etype-nosupp"></span><h4>credential verification failed: KDC has no support for encryption type<a class="headerlink" href="#credential-verification-failed-kdc-has-no-support-for-encryption-type" title="Permalink to this headline">¶</a></h4> +<span id="cert-chain-etype-nosupp"></span><h4>credential verification failed: KDC has no support for encryption type<a class="headerlink" href="#credential-verification-failed-kdc-has-no-support-for-encryption-type" title="Link to this heading">¶</a></h4> <p>This most commonly happens when trying to use a principal with only DES keys, in a release (MIT krb5 1.7 or later) which disables DES by default. DES encryption is considered weak due to its inadequate key @@ -110,7 +108,7 @@ by adding <code class="docutils literal notranslate"><span class="pre">allow_wea section of <a class="reference internal" href="conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a>.</p> </section> <section id="cannot-create-cert-chain-certificate-has-expired"> -<span id="err-cert-chain-cert-expired"></span><h4>Cannot create cert chain: certificate has expired<a class="headerlink" href="#cannot-create-cert-chain-certificate-has-expired" title="Permalink to this headline">¶</a></h4> +<span id="err-cert-chain-cert-expired"></span><h4>Cannot create cert chain: certificate has expired<a class="headerlink" href="#cannot-create-cert-chain-certificate-has-expired" title="Link to this heading">¶</a></h4> <p>This error message indicates that PKINIT authentication failed because the client certificate, KDC certificate, or one of the certificates in the signing chain above them has expired.</p> @@ -126,13 +124,13 @@ gets initial tickets. The error message is more likely to appear properly on the client if the principal entry has no long-term keys.</p> </section> <section id="kprop-no-route-to-host-while-connecting-to-server"> -<span id="kprop-no-route"></span><h4>kprop: No route to host while connecting to server<a class="headerlink" href="#kprop-no-route-to-host-while-connecting-to-server" title="Permalink to this headline">¶</a></h4> +<span id="kprop-no-route"></span><h4>kprop: No route to host while connecting to server<a class="headerlink" href="#kprop-no-route-to-host-while-connecting-to-server" title="Link to this heading">¶</a></h4> <p>Make sure that the hostname of the replica KDC (as given to kprop) is correct, and that any firewalls between the primary and the replica allow a connection on port 754.</p> </section> <section id="kprop-connection-refused-while-connecting-to-server"> -<span id="kprop-con-refused"></span><h4>kprop: Connection refused while connecting to server<a class="headerlink" href="#kprop-connection-refused-while-connecting-to-server" title="Permalink to this headline">¶</a></h4> +<span id="kprop-con-refused"></span><h4>kprop: Connection refused while connecting to server<a class="headerlink" href="#kprop-connection-refused-while-connecting-to-server" title="Link to this heading">¶</a></h4> <p>If the replica KDC is intended to run kpropd out of inetd, make sure that inetd is configured to accept krb5_prop connections. inetd may need to be restarted or sent a SIGHUP to recognize the new @@ -140,7 +138,7 @@ configuration. If the replica is intended to run kpropd in standalone mode, make sure that it is running.</p> </section> <section id="kprop-server-rejected-authentication-during-sendauth-exchange-while-authenticating-to-server"> -<span id="kprop-sendauth-exchange"></span><h4>kprop: Server rejected authentication (during sendauth exchange) while authenticating to server<a class="headerlink" href="#kprop-server-rejected-authentication-during-sendauth-exchange-while-authenticating-to-server" title="Permalink to this headline">¶</a></h4> +<span id="kprop-sendauth-exchange"></span><h4>kprop: Server rejected authentication (during sendauth exchange) while authenticating to server<a class="headerlink" href="#kprop-server-rejected-authentication-during-sendauth-exchange-while-authenticating-to-server" title="Link to this heading">¶</a></h4> <p>Make sure that:</p> <ol class="arabic simple"> <li><p>The time is synchronized between the primary and replica KDCs.</p></li> @@ -242,8 +240,8 @@ location on the replica.</p></li> <div class="footer-wrapper"> <div class="footer" > - <div class="right" ><i>Release: 1.21.3</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2024, MIT. + <div class="right" ><i>Release: 1.22-final</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. </div> <div class="left"> |