diff --git a/xml/security_kerberos.xml b/xml/security_kerberos.xml index f61b3eba18..64d9060832 100644 --- a/xml/security_kerberos.xml +++ b/xml/security_kerberos.xml 
@@ -1914,6 +1914,140 @@ Valid starting Expires Service principal --> + + Troubleshooting &krb; + + Troubleshooting &krb; issues can be complex because of its role in secure authentication within a network. + Using the KRB5_TRACE environment variable helps significantly in troubleshooting. + KRB5_TRACE provides a detailed log of &krb; operations. + + + Using <envar>KRB5_TRACE</envar> to debug &krb; + + + Ensure your &krb; configuration file, which is either krb5.conf or krb5.ini + is correctly set up. This file has all the required settings for your &krb; client and includes realms, KDC and admin servers. + + + + + Enable KRB5_TRACE logging by setting the environment variable to a file where you want the + trace logs to be saved. This file will contain detailed information on all the &krb; operations. + For example: + &prompt.sudo; export KRB5_TRACE=/path/to/krb5_trace.log + + + +Execute the action that triggers the &krb; authentication issue for example, logging into a service. +The trace log captures the process details. + + + + + Examine in-depth, the contents of the log file as specified by KRB5_TRACE. The log file contains details + about &krb; requests,responses and errors. Specifically, look for: + + + + Request and Response Details + + + Check if requests are reaching the KDC and responses are being received. + + + + + Error messages + + + Evaluate any error messages or codes that indicate something is wrong. + + + + + + Network issues + + + Check if the KDC is reachable or any network issues. + + + + + + + + Examine the common issues such as: + + + + Configuration issues + + + Verify that the realms, KDC addresses and other settings are correct in the configuration file. + + + + + Synchronized time + + + &krb; is sensitive to time discrepancies so ensure all systems have a synchronized clock. + + + + + + Network issues + + + Verify that there is stable connection between the client and the KDC. 
+ + + + + DNS issues + + + Ensure there is a proper DNS resolution for the KDC and other &krb; related services. + + + + + Permission issues + + + Check if the &krb; principal has the right permissions. + + + + + Permission issues + + + Once you make the changes, repeat the action that triggered the issue to ensure the problem is solved. + Check the KRB5_TRACE log to confirm that the issues no longer exists. + + + + + Permission issues + + + Once the issue is resolved, you can disable KRB5_TRACE log: + + &prompt.sudo; unset KRB5_TRACE + + + + + + Machine accounts are subject to the same &krb; authentication as user accounts. + During &krb; authentication, clients that run local processes using the system +account, assign these processes to the machine account when accessing remote resources. The machine account +is associated to the computer name registered with the domain controller and is distinct with a $ +sign. + &krb; and NFS
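Review bot: The `export KRB5_TRACE=/path/to/krb5_trace.log` and `unset KRB5_TRACE` commands are shown with the `&prompt.sudo;` prompt, but `export` and `unset` are shell builtins that must run in the same shell, as the same user, as the command traced in the following step. A sudo prefix would not put the variable into that environment. Use a non-sudo prompt here, or show the variable set inline on the command that reproduces the failure. Further down, the last three entries of the common-issues list are all titled "Permission issues", and two of them hold the "repeat the action that triggered the issue" and "disable KRB5_TRACE log" instructions. Those read as the closing steps of the procedure and should be steps of their own rather than list entries under that title. Because the text says the trace file contains detailed information on all &krb; operations, the step that enables tracing should also tell readers to write the file to a location only they can read and to remove it once troubleshooting is finished. Smaller wording points in the same block: "requests,responses" lacks a space, "the issues no longer exists" should read "the issue no longer exists", "Examine in-depth, the contents" is awkward, "Network issues" appears in both lists with near-identical advice, and the sentence naming krb5.conf or krb5.ini needs a comma before "is correctly set up". The trailing machine-accounts paragraph ("is distinct with a $ sign") does not relate to KRB5_TRACE troubleshooting and may belong in a different section.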