As usual, don't assume I have any clue, but I am trying to fold what I consider small worthwhile changes into future releases. In order as seen in the diff: * Log the static preauth mechs that have been found to be "valid" * Log the dynamic preauth mechs that have been found to be "valid" * Check against NULL, not 0, per the calloc()/malloc() man page. A nitpick. * Set length to 0, not NULL. This cleared up a gcc warning, so maybe it's right... --- ../../PRISTINE-DONT-MOD-krb5-1.8/src/kdc/kdc_preauth.c 2010-02-12 15:28:39.000000000 -0500 +++ kdc/kdc_preauth.c 2010-04-23 11:13:16.000000000 -0400 @@ -490,6 +490,9 @@ ((*server_init_proc)(context, &plugin_context, (const char **)kdc_realm_names) != 0)) { memset(&preauth_systems[k], 0, sizeof(preauth_systems[k])); + krb5_klog_syslog (LOG_INFO, + "Static preauth mechanism %s valid for use.", + static_preauth_systems[i].name); continue; } preauth_systems[k].plugin_context = plugin_context; @@ -537,6 +540,9 @@ } preauth_systems[k].name = ftable->name; preauth_systems[k].type = ftable->pa_type_list[j]; + krb5_klog_syslog (LOG_INFO, + "Dynamic preauth mechanism %s valid for use.", + preauth_systems[k].name); if (ftable->flags_proc != NULL) preauth_systems[k].flags = ftable->flags_proc(context, preauth_systems[k].type); @@ -1006,8 +1012,11 @@ hw_only = isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH); /* Allocate two extra entries for the cookie and the terminator. */ pa_data = calloc(n_preauth_systems + 2, sizeof(krb5_pa_data *)); - if (pa_data == 0) + if (pa_data == NULL) { + krb5_klog_syslog (LOG_INFO, + "Not enough memory in get_preauth_hint_list"); return; + } pa = pa_data; for (ap = preauth_systems; ap->type != -1; ap++) { @@ -1328,7 +1337,7 @@ } key_modified = FALSE; null_item.contents = NULL; - null_item.length = NULL; + null_item.length = 0; send_pa = send_pa_list; *send_pa = 0;