Is there a way to enable Kerberos logging on Enforce for troubleshooting?
The following log levels can be added within the Kerberos module:
Add to the krb5.ini the following:
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
This will capture the Kerberos logging and tells where to write it to. In above examples it will be written to the designated files. You can also specify syslog servers as reference as in the following example