From krb5-bugs-incoming-bounces@PCH.mit.edu  Tue May 22 22:36:52 2012
Return-Path: <krb5-bugs-incoming-bounces@PCH.mit.edu>
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90])
	by krbdev.mit.edu (Postfix) with ESMTP id 254423DE85;
	Tue, 22 May 2012 22:36:52 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id q4N2apec026824;
	Tue, 22 May 2012 22:36:51 -0400
Received: from mailhub-dmz-2.mit.edu (MAILHUB-DMZ-2.MIT.EDU [18.7.62.37])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id q4N1CTgm016207
	for <krb5-bugs-incoming@PCH.mit.edu>; Tue, 22 May 2012 21:12:29 -0400
Received: from dmz-mailsec-scanner-8.mit.edu (DMZ-MAILSEC-SCANNER-8.MIT.EDU
	[18.7.68.37])
	by mailhub-dmz-2.mit.edu (8.13.8/8.9.2) with ESMTP id q4N1CNmQ018424
	for <krb5-bugs@mit.edu>; Tue, 22 May 2012 21:12:29 -0400
X-AuditID: 12074425-b7f966d0000008b6-85-4fbc397cddaf
Authentication-Results: symauth.service.identifier
Received: from sl6hotz.jpl.nasa.gov (wildcard.jpl.nasa.gov [128.149.133.56])
	by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP
	id 54.78.02230.C793CBF4; Tue, 22 May 2012 21:12:29 -0400 (EDT)
Received: by sl6hotz.jpl.nasa.gov (Postfix, from userid 1989)
	id 478A22833F9; Tue, 22 May 2012 18:12:27 -0700 (PDT)
To: krb5-bugs@mit.edu
Subject: Insufficient Information Printed from the PKINIT Plugin
From: hotz@jpl.nasa.gov
X-send-pr-version: 3.99
Message-Id: <20120523011227.478A22833F9@sl6hotz.jpl.nasa.gov>
Date: Tue, 22 May 2012 18:12:27 -0700 (PDT)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrIIsWRWlGSWpSXmKPExsXSMLXVQrfWco+/waNeJouGh8fZHRg9ms4c
	ZQ5gjOKySUnNySxLLdK3S+DK2Nnew1hwgqNi30/pBsZJ7F2MnBwSAiYSO14dAbMZBYwkdp97
	xQoRF5O4cG89WxcjF4eQwFVGiX1v3jGCJIQESiU271rKBmKLCIhKvPx7jAXEFhZwkLi5+gWY
	zSYgLnGi7RsTRL20xOxNu8HqmQVYJP682cACsUBcYsf200CLOTh4BWwl3k1NBQmzCGhLnNrS
	yzqBkXcBI8MqRtmU3Crd3MTMnOLUZN3i5MS8vNQiXQu93MwSvdSU0k2MQP8Lsbuo7mCccEjp
	EKMAB6MSD2/h+d3+QqyJZcWVuYcYJTmYlER5fc32+AvxJeWnVGYkFmfEF5XmpBYfYpTgYFYS
	4V0/HaicNyWxsiq1KB8mJc3BoiTOu04TKCWQnliSmp2aWpBaBJNl4mA/xCjDwaEkwbvcAmiy
	YFFqempFWmZOCbIaThDBBbKGB2jNFpBC3uKCxNzizHSIolOMilLivLtAEgIgiYzSPLgBoJit
	/////yVGWSlhXkYGBgYhHqALgB5HyINi/hWjONDTwryHQKbwZOaVwE1/BbSYCWhx0IudIItL
	EhFSUg2MCgWNob9lVUsW35PPiXZ4cDNggfi6FbbyD98W9XQI/PzH33m5K5hjZ2H6YskpMa9W
	3ZFyYG5bPT3cVZClnaVd6U2BqqDtj5yNvwty/CaejOeqeMz+0r799U2u3C8HeNbsX3n34K1P
	rKseWTZPvfHG7QWbYLXE0UC1T2fSzZcosC2LXMVj7KanxFKckWioxVxUnAgAofmd2NQCAAA=
X-Mailman-Approved-At: Tue, 22 May 2012 22:36:49 -0400
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: hotz@jpl.nasa.gov
Sender: krb5-bugs-incoming-bounces@PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu


>Submitter-Id:	net
>Originator:	Henry B. Hotz
>Organization:
	Jet Propulsion Laboratory
>Confidential:	no
>Synopsis:	Some important misconfigurations of the PKINIT plugin do not cause useful printout to KRB5_TRACE.
>Severity:	non-critical
>Priority:	medium
>Category:	krb5-clients
>Class:		support
>Release:	1.9
>Environment:
	Intel VM, Scientific Linux 6.2, Scientific Linux 6.2, pkinit plugin
System: Linux sl6hotz.jpl.nasa.gov 2.6.32-220.13.1.el6.x86_64 #1 SMP Tue Apr 17 15:16:22 CDT 2012 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64

>Description:
	Some errors printed by the pkiDebug() routine, such as "no anchors in file" suggest mistakes in the krb5.conf.  They should be printed to KRB5_TRACE, since it may be difficult to debug a configuration without them.  It would not be excessive, but might not be necessary, to make all pkiDebug() go to KRB5_TRACE.
>How-To-Repeat:
	Varies.  For the specific example just given set pkinit_anchors to a .der-formatted file instead of PEM.
>Fix:
	The workaround used was to build with the DEBUG flag.  Seems excessive.