Skip Menu |

Subject: KADM5_MISSING_KRB5_CONF_PARAMS should say which ones
The error string for KADM5_MISSING_KRB5_CONF_PARAMS is "Missing parameters in krb5.conf
required for kadmin client", which doesn't help the user determine which parameters are
missing. It would be good to have some way (KRB5_TRACE?) to indicate which parameters are

Inspired by
Extended error messages are the best way to accomplish this, if I'm not
missing something.
This error code is worse than inspecific; it's almost always wrong.  The required parameters are default_realm, master_key_type, default_principal_flags, max_life, max_rlife, default_principal_expiration, and supported_enctypes.  But all of those parameters have defaults expect for default_realm, and a missing default_realm causes kadm5_get_config_params() to exit early with a different error code.  The remaining parameters can only show up as unset if they *are* set but fail to parse.  (Or in some cases, not at all; if max_life or max_rlife don't parse, the default value is silently used instead.)

We do yield this error code if iprop_enabled is set and iprop_logfile or iprop_port is unset; in those cases the error code is merely inspecific.