11.9. Server and Client Authentication Troubleshooting

11.9.1. Error Messages

11.9.1. Error Messages

Errors in authentication are reported in the following log files:

  • Installation logs:

    • /var/adm/log (Oracle Solaris only)

    • /var/log (Oracle Linux only)

  • Configuration logs:

    • /var/adm/log (Oracle Solaris only)

    • /var/log/SUNWut (Oracle Linux only)

  • General log files:

    • /var/opt/SUNWut/log

    • /var/opt/SUNWut/srds/log

    • /var/opt/SUNWut/srds/replog

Messages logged into /var/opt/SUNWut/log/messages are delivered through the syslog service described in the syslogd man page. The general format of these messages is:

timestamp thread_name message_class message

For example:

May 7 15:01:57 e47c utauthd: [ID 293833 user.info] Worker3 NOTICE: SESSION_OK pseudo.080020f8a5ee

Message components are defined as follows:

  • timestamp format: year.month.day hours:minutes:seconds

  • thread_name:

    • Worker# - Handles client authentication, access control, and session monitoring. Messages with the same thread name are related. The exception occurs when a Worker# thread disconnects a client and then purges the connection information from memory. After a Worker# DESTROY message, the next use of that Worker# thread name has no relation to previous uses of the thread name. In other words, thread names are reused.

    • SessionManager# - Communicates with utsessiondon on behalf of a Worker# thread.

    • AdminJobQ - Used in the implementation to wrap a library that would not otherwise be thread-safe.

    • CallBack# - Communicates with applications such as utload.

    • WatchID - Used to poll data or terminals from connections

    • Terminator - Cleans up terminal sessions

    • Group Manager - Main group manager thread

  • message_class:

    • CLIENT_ERROR - Indicates unexpected behavior from a client. These messages can be generated during normal operation if a client is rebooted.

    • CONFIG_ERROR - Indicates a system configuration error. The Authentication Manager exits after this error is detected.

    • NOTICE - Indicates a normal event.

    • UNEXPECTED - Logs events or conditions that were not anticipated for normal operation but are not fatal.

    • DEBUG - Occurs only if explicitly enabled and is used by the development team. Debug messages can reveal session IDs, which must be kept secret to ensure proper security.

Table 11.3. Server and Client Authentication Error Message Examples

Error class

Message

Description

CLIENT_ERROR

...Exception ... : cannot send keepAliveInf

Error encountered while attempting to send a keep-alive message to a client.

...keepAlive timeout

A client has failed to respond within the allotted time. The session is being disconnected.

duplicate key:

Client does not properly implement the authentication protocol.

invalid key:

Client does not properly implement the authentication protocol.

CONFIG_ERROR

attempt to instantiate CallBack 2nd time.

Program error.

AuthModule.load

Problem encountered while loading configuration module.

Cannot find module

Program or installation error.

NOTICE

"discarding response: " + param

No controlling application is present to receive client response.

"NOT_CLAIMED PARAMETERS: " + param

A token was not claimed by any authentication module.

...authentication module(s) loaded.

Notification that authentication modules have loaded.

...DISCONNECT ...

Normal notification of disconnection.

UNEXPECTED

"CallBack: malformed command"

Bad syntax from a user application such as utload or utidle.

.../ ... read/0:" + ie

Possible program error.

.../ ... read/1: ... Exception ...

Error encountered while reading messages from the client.

.../... protocolError: ...

Various protocol violations are reported with this message. This error condition is also a way for utauthd to force the client to reset.