logo_kerberos.gif

Debugging tips

From K5Wiki
Revision as of 18:57, 4 June 2009 by Ghudson (talk | contribs) (Compile-Time Flags)

Jump to: navigation, search

This page documents krb5-specific techniques which may help debug problems. Feel free to add additional techniques.

As always, the basic tools are helpful: debuggers like gdb or dbx, system call tracing tools like strace or truss, shared library tracing tools like ltrace or sotruss, and memory debugging tools like valgrind or Purify.

Building for Testing or Debugging

By default, krb5 will build with optimization, making it difficult to debug. You can change this at configure time using the CFLAGS variable:

 .../configure CFLAGS=-g

or at build time:

 make CFLAGS=-g

C++ code uses CXXFLAGS instead of CFLAGS. There isn't a lot of C++ code in the Unix build, but if you do run into a need to debug what there is, be sure to override CXXFLAGS as well as CFLAGS.

On Linux and perhaps other Unix variants, programs built with run-path options will consult the run path before LD_LIBRARY_PATH. As a result, libraries from the install prefix will take precedence over libraries in the build tree. This is particularly important to know when running the test suite. To work around this issue, you can "make install" before "make check", or you can configure the tree to build without run-path options:

 .../configure --disable-rpath

A tree built this way may not be as useful when installed (since the binaries won't know how to find the libraries), but is more convenient for running programs out of the build tree. Note that plugins will still be loaded from the install prefix by default. The test suite overrides the plugin paths using special krb5.conf directives; if you are running a program by hand from the build tree and it uses plugins, you must either do the same overriding or run "make install" before running the program.

Compile-Time Defines

You can specify extra defined symbols for the build at configure time like so:

 .../configure CPPFLAGS=-DFLAGNAME

or at build time:

 make CPPFLAGS=-DFLAGNAME

DEBUG_ERROR_LOCATIONS

The DEBUG_ERROR_LOCATIONS flag causes verbose error messages generated from the krb5 libraries to include file and line number information. It can be useful if you're having trouble tracking down where an error message is generated. It will not work in cases where an error code is generated with no call to krb5_set_error_message or krb5int_set_error; in that case you will have to track it down the slow way with gdb or whatever. If you are seeing an error with no corresponding krb5_set_error_message_call, consider whether the error case is "likely" and perhaps add a krb5_set_error_message to make it clearer what is going on.

Debugging the KDC

krb5kdc can be run with the -n flag to prevent it from backgrounding itself, allowing you to set breakpoints before it starts. Alternatively, you can attach to the process after it forks. The process_as_req and process_tgs_req functions are the entry points to handling client requests.