Skip Menu |
 

Subject: Report profile errors when initializing krb5 context
Currently, if the profile library reports an error during initialization of krb5 library context, in
many cases this error is ignored. Potentially, it means that not only a misconfiguration goes
unnoticed for some time, but also it may cause a problem to Kerberos administrator as this
error could be harder to diagnose at the later stages.
From: Sam Hartman <hartmans@mit.edu>
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #7091] Report profile errors when initializing krb5 context
Date: Fri, 17 Feb 2012 15:50:16 -0500
RT-Send-Cc:
I would support reporting these errors via KRB5_TRACE.
I would not support

1) changing context initialization to fail in cases where it currently
does not

2) Reporting these erros to STDERR, system loging, event viewer or the
like.
Download (untitled) / with headers
text/plain 1.2KiB
[hartmans - Fri Feb 17 15:50:25 2012]:

Show quoted text
> I would support reporting these errors via KRB5_TRACE.
> I would not support
>
> 1) changing context initialization to fail in cases where it currently
> does not
>
> 2) Reporting these erros to STDERR, system loging, event viewer or the
> like.


The plan is to support trace logging via KRB5_TRACE. The section and subsection of the
configuration file where the error was found together with the error code will be reported.

We're also considering an option of eliminating the "loose" context initialization. The current
relation between the requirements stated in the configuration file and what is really
happening during the library context initialization is conflicting and misleading. We do read
the values from the configuration, but, in several cases, do not check the return codes from
profile_get_ functions. If one cares enough about some configuration parameters to read
them from the configuration files while initializing library context, it should be guaranteed
that these values are not ignored or misinterpreted, rather are retrieved and processed
correctly, without hidden surprises.

We do not plan on reporting "these erros to STDERR, system loging, event viewer".

From: tsitkova@mit.edu
Subject: SVN Commit

If trace logging facility is enabled, report misconfiguration errors encountered while initializing krb5 library context.



https://github.com/krb5/krb5/commit/319d7ed2cf78f2a4afd0c2a18f0645ba1f375903
Commit By: tsitkova
Revision: 25800
Changed Files:
U trunk/src/include/k5-trace.h
U trunk/src/lib/krb5/krb/init_ctx.c