Installing and Administering Internet Services
370 Chapter 11
Secure Internet Services
Troubleshooting the Secure Internet Services
Troubleshooting the Secure Internet
Services
Some guidelines for you to follow when you troubleshoot the Secure
Internet Services are described below.
The Verification Checklist
Go through the checklist described in the section “Verifying the Secure
Internet Services” on page 365:
• Verify that the secure environment is correct.
• Verify that the Secure Internet Services mechanism was successfully
enabled.
• Use the krbval validation tool.
Security-related Error Messages
All of the Secure Internet Services obtain security-specific error
messages from the Kerberos API. Secure ftp/ftpd uses the GSS-API,
but because that API depends on the Kerberos API, its error messages
will be consistent with the other services.
There are several security-related messages specific to the Secure
Internet Services that are generated outside of the Kerberos API. For a
list of these error messages, refer to the DIAGNOSTICS section of the
Secure Internet Services man page, sis(5).
In general, the Secure Internet Services client will write error messages
to standard error, and the Secure Internet Services daemon will write
error messages to syslog (typically /var/adm/syslog/syslog.log).
Common Problems
The most common problem likely to occur when using the Secure
Internet Services will be the failure to obtain a TGT, which is required
for using the Secure Internet Services. Use the klist command to
determine if a ticket has been granted, and if none has been, run kinit,
dce_login, or dess_login.