saslauthd/auth_krb5 krb5_get_init_creds_password failure

Frank Swasey Frank.Swasey at uvm.edu
Thu Apr 6 10:57:52 EDT 2017


Is there a specific reason that when krb5_get_init_creds_password fails 
the railure code is all that is logged in syslog?  That negative number 
appears to be useless all alone.

>From reading the krb5 docs, it would seem the correct response would be 
to call syslog as:

syslog(LOG_ERR, "auth_krb5: krb5_get_init_creds_password: %s",
 	krb5_get_error_message(context, code));

and then destroy the ccache, auth_user and context.  Instead of 
destroying the bits and then logging just the code as a negative number.

Have I missed some bit of information about why this is done?

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
   "I am not young enough to know everything." - Oscar Wilde (1854-1900)


More information about the Cyrus-sasl mailing list