Troubleshooting Kerberos in OpsCenter

About this task

Troubleshoot OpsCenter Kerberos connections with debug options.

Procedure

  1. Locate the cluster_name.conf file. The location of this file depends on the type of installation:

    • Package installations: /etc/opscenter/clusters/cluster_name.conf

    • Tarball installations: install_location/conf/clusters/cluster_name.conf

  2. Open the cluster-specific configuration file, cluster_name.conf for editing. Replace cluster_name with the name of your cluster.

  3. Add the following to the [kerberos] section to output debug messages during Kerberos connections attempts from OpsCenter:

    [kerberos]
    debug = True

    The debug option outputs the contents of the server section from the jaas-krb5.conf file, informing you of the settings in use that you can verify against your configuration settings.

  4. Restart OpsCenter.

  5. If deeper debugging is necessary, add -Dsun.security.krb5.debug=true to $OPSC_JVM_OPTS. The JVM parameter outputs verbose information about reasons why Kerberos connections attempts are failing, such as not authenticating due to key expiration, or no keys present in keytab, or cannot find keytab, for example.

    For more information about JVM, see Configuring the OpsCenter JVM.