How to enable extra DEBUG logging for Kerberos authentication and what log information it contains?
Article ID: KB0076653
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | All Versions |
Description
This article explains how to enable extra DEBUG logging for Kerberos authentication. Enabling extra debug logging is useful when troubleshooting problems related to Kerberos configuration. This will also explain in which log file extra debug logs gets captured and what log information it contains.
Issue/Introduction
How to enable extra DEBUG logging for Kerberos authentication and what log information it contains?
Environment
All Supported OS
Resolution
A ) Follow below steps to enable extra DEBUG logging for Kerberos authentication :
- Login to Spotfire server machine.
- Launch Spotfire server configuration tool (uiconfig.bat).
- Go to "Configuration" tab ==> Authentication: Kerberos section
- Under this section, in right pane, there is radio button "Enable extra debug logging"
- Click "Yes" against this radio button to enable extra debug logging for Kerberos.
- Click on "Save configuration" to save configuration and restart Spotfire server service.
B) After enabling extra debug logging for kerberos, it will add some debug information to the "stdout.log" file (under tomcat\log folder ).
C) When extra debug logging is enabled, it add some debug info to the stdout.log file about the initiation of the key tab file. It will show what SPN and keytab is being used, and log if there's any error.
For example:
When enable "Extra debug logging" in config tool with kerberos authentication, one can see below DEBUG logs about the initiation of the key tab file and principal name at the start of the log file after restart of the Spotfire server service while capturing fresh logs:
------------
2019-10-20 09:51:54 Commons Daemon procrun stdout initialized
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is C:\tibco\tss\10.3.3\tomcat/spotfire-config/spotfire.keytab refreshKrb5Config is false principal is HTTP/test_machine.analytics.com@ANALYTICS.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal is HTTP/test_machine.analytics.com@ANALYTICS.COM
Will use keytab
Commit Succeeded
-------------
- Login to Spotfire server machine.
- Launch Spotfire server configuration tool (uiconfig.bat).
- Go to "Configuration" tab ==> Authentication: Kerberos section
- Under this section, in right pane, there is radio button "Enable extra debug logging"
- Click "Yes" against this radio button to enable extra debug logging for Kerberos.
- Click on "Save configuration" to save configuration and restart Spotfire server service.
B) After enabling extra debug logging for kerberos, it will add some debug information to the "stdout.log" file (under tomcat\log folder ).
C) When extra debug logging is enabled, it add some debug info to the stdout.log file about the initiation of the key tab file. It will show what SPN and keytab is being used, and log if there's any error.
For example:
When enable "Extra debug logging" in config tool with kerberos authentication, one can see below DEBUG logs about the initiation of the key tab file and principal name at the start of the log file after restart of the Spotfire server service while capturing fresh logs:
------------
2019-10-20 09:51:54 Commons Daemon procrun stdout initialized
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is C:\tibco\tss\10.3.3\tomcat/spotfire-config/spotfire.keytab refreshKrb5Config is false principal is HTTP/test_machine.analytics.com@ANALYTICS.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal is HTTP/test_machine.analytics.com@ANALYTICS.COM
Will use keytab
Commit Succeeded
-------------
Additional Information
Refer below manual link to know parameter [-d <true|false> | --enable-debug=<true|false>] to specify whether extra debug logging should be enabled for the Kerberos authentication service using command line:
https://docs.tibco.com/pub/spotfire_server/10.3.4/doc/html/TIB_sfire_server_tsas_admin_help/GUID-DAAAC6DB-EED4-4591-9D15-255CF7B4A6F0.html
https://docs.tibco.com/pub/spotfire_server/10.3.4/doc/html/TIB_sfire_server_tsas_admin_help/GUID-DAAAC6DB-EED4-4591-9D15-255CF7B4A6F0.html
Feedback
Yes
No
Powered by
