On an SP system, it is now possible to have three different authentication methods in place and configured for different SP system partitions and users. Depending on how you have configured your authentication mechanisms and for what purpose, you may find error messages are displayed and the command finishes successfully.
The remote commands try the authentication methods in this order:
Therefore, if you have Kerberos V5 and Kerberos V4 in place, and configured only Kerberos V4 with user ids, you will receive errors when the remote commands try Kerberos V5, before they fail and try Kerberos V4.
AIX now supports an environment variable called K5MUTE. When set to 1, this variable allows you to mute error messages from the remote commands when you have more than one authentication mechanism enabled. You can set this variable on a system-wide or process basis. It is recommended, however, that this variable not be set when debugging remote command problems because it can hide important messages.
A useful AIX tool in debugging the krshd daemon is configuring the AIX syslog. You can have error messages from the krshd daemon sent to a log of your choice. You will see messages from other daemons as well. This action must be taken on the target system since that is where krshd runs. In general, Kerberos Version 5 messages (through DCE) have a prefix of "Kerberos".
To use syslog:
*.debug file_name
where file_name is your log file, with the full path name specified.
Remember to unconfigure the /etc/syslog.conf file when you are done and to refresh the syslogd daemon.
Messages from the remote commands are translated to the language of the node on which the command is run. Ensure that the SP system is using either the English location or the SP administrative locale, so that the messages are readable.
Underlying authentication mechanisms may have other NLS restrictions. The remote commands display messages received from these mechanisms as is. Consult the necessary documentation for this authentication mechanisms for more information.
Errors from the remote commands are displayed to the user who issued the command. If you use the remote commands in a script, and do not capture error messages, they are lost. In this case, issue the remote command on the command line, in the same manner that the script issued the remote command.
To see all error messages, ensure that the AIX environment variable, K5MUTE, is set to 0.
If you wish to capture errors from the krshd daemon, you must configure syslog to do so.