logo_kerberos.gif

Debugging tips

From K5Wiki
Revision as of 11:46, 30 April 2009 by KenRaeburn (Talk | contribs)

Jump to: navigation, search

This page documents krb5-specific techniques which may help debug problems. Feel free to add additional techniques.

As always, the basic tools are helpful: debuggers like gdb or dbx, system call tracing tools like strace or truss, shared library tracing tools like ltrace or sotruss, and memory debugging tools like valgrind or Purify.

Compile-Time Flags

You can build the tree with additional flags like so:

 make clean
 make CPPFLAGS=-DFLAGNAME

or in a new build tree:

 .../configure CPPFLAGS=-DFLAGNAME
 make

DEBUG_ERROR_LOCATIONS

The DEBUG_ERROR_LOCATIONS flag causes verbose error messages generated from the krb5 libraries to include file and line number information. It can be useful if you're having trouble tracking down where an error message is generated. It will not work in cases where an error code is generated with no call to krb5_set_error_message or krb5int_set_error; in that case you will have to track it down the slow way with gdb or whatever. If you are seeing an error with no corresponding krb5_set_error_message_call, consider whether the error case is "likely" and perhaps add a krb5_set_error_message to make it clearer what is going on.

Debugging the KDC

krb5kdc can be run with the -n flag to prevent it from backgrounding itself, allowing you to set breakpoints before it starts. Alternatively, you can attach to the process after it forks. The process_as_req and process_tgs_req functions are the entry points to handling client requests.

Personal tools