heimdal_debug(5) File Formats Manual heimdal_debug(5)

heimdal_debughow to turn on/off debugging for Kerberos tools

The heimdal_debug kerberos frameworks have several knobs for controlling logging. The different framework knobs are:

The Kerberos library, some gss-api Kerberos output ends up here too
the kcm library (credentials cache, ntlm client)
the kerberos KDC output
the digest service (ntlm server)

	<subsystem> = 0-/SYSLOG:

and watch syslog for logging information.

First turn up syslog debugging

sudo syslog -c 0 -d
then you can see the syslog output in Console.app or by running
syslog -w -k org.h5l.asl
To enable more extensive debugging logging for each subsystem, use the following commands:
Kerberos Library
sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add krb5 '0-/OSLOG:normal:'
sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add digest-service '0-/OSLOG:normal:'
sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add kcm '0-/OSLOG:normal:'
sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add kdc '0-/OSLOG:normal:'
MIT Kerberos Shim
defaults write com.apple.MITKerberosShim EnableDebugging -bool true
GSS-API framework logging
sudo defaults write /Library/Preferences/com.apple.GSS DebugLevel -int 10

Make the admin API pretend to the server even on client
sudo defaults write /Library/Preferences/com.apple.Kerberos ForceHeimODServerMode -bool true

gss(5), kerberos(8)

September 30, 2011 HEIMDAL