Troubleshoot Kerberos in OpsCenter

Troubleshoot OpsCenter Kerberos connections with debug options:

  1. Edit the cluster-specific configuration file, CLUSTER_NAME.conf. The location of this file depends on the type of installation:

    • Package installations: /etc/opscenter/clusters/CLUSTER_NAME.conf

    • Tarball installations: INSTALL_DIRECTORY/conf/clusters/CLUSTER_NAME.conf

  2. Add the following to the [kerberos] section to output debug messages during Kerberos connections attempts from OpsCenter:

    [kerberos]
debug = True

    The debug option outputs the contents of the server section from the jaas-krb5.conf file, informing you of the settings in use that you can verify against your configuration settings.

  3. If deeper debugging is necessary, add -Dsun.security.krb5.debug=true to $OPSC_JVM_OPTS. The JVM parameter outputs verbose information about reasons why Kerberos connections attempts are failing, such as not authenticating due to key expiration, or no keys present in keytab, or cannot find keytab, for example.

    For more information about JVM, see Configure the OpsCenter JVM.

  4. Restart OpsCenter.

Was this helpful?

Give Feedback

How can we improve the documentation?

© Copyright IBM Corporation 2025 | Privacy policy | Terms of use Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: Contact IBM