Subject: KADM5_MISSING_KRB5_CONF_PARAMS should say which ones
The error string for KADM5_MISSING_KRB5_CONF_PARAMS is "Missing parameters in krb5.conf
required for kadmin client", which doesn't help the user determine which parameters are
missing. It would be good to have some way (KRB5_TRACE?) to indicate which parameters are
missing.

Inspired by https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799243
Extended error messages are the best way to accomplish this, if I'm not
missing something.
This error code is worse than inspecific; it's almost always wrong.  The required parameters are default_realm, master_key_type, default_principal_flags, max_life, max_rlife, default_principal_expiration, and supported_enctypes.  But all of those parameters have defaults except for default_realm, and a missing default_realm causes kadm5_get_config_params() to exit early with a different error code.  The remaining parameters can only show up as unset if they *are* set but fail to parse.  (Or in some cases, not at all; if max_life or max_rlife don't parse, the default value is silently used instead.)

We do yield this error code if iprop_enabled is set and iprop_logfile or iprop_port is unset; in those cases the error code is merely inspecific.
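
A sketch of the reporting this ticket asks for, added here as an example and not taken from the krb5 source: given which parameters were obtained, it builds an error string naming the ones still missing. The `P_*` flags, `required_params` and `describe_missing` are hypothetical names; the parameter names and the iprop condition are the ones listed in the comments above.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical flags for the parameters named in the ticket (not libkadm5's). */
enum { P_REALM = 1, P_MKEY_TYPE = 2, P_FLAGS = 4, P_MAX_LIFE = 8, P_MAX_RLIFE = 16,
       P_EXPIRATION = 32, P_ENCTYPES = 64, P_IPROP_LOGFILE = 128, P_IPROP_PORT = 256 };

static const struct { unsigned flag; const char *name; } param_names[] = {
    { P_REALM, "default_realm" }, { P_MKEY_TYPE, "master_key_type" },
    { P_FLAGS, "default_principal_flags" }, { P_MAX_LIFE, "max_life" },
    { P_MAX_RLIFE, "max_rlife" }, { P_EXPIRATION, "default_principal_expiration" },
    { P_ENCTYPES, "supported_enctypes" }, { P_IPROP_LOGFILE, "iprop_logfile" },
    { P_IPROP_PORT, "iprop_port" }
};

/* The seven base parameters, plus the iprop pair only when iprop_enabled is set. */
unsigned required_params(int iprop_enabled)
{
    unsigned base = P_IPROP_LOGFILE - 1; /* all seven flags below P_IPROP_LOGFILE */
    return iprop_enabled ? (base | P_IPROP_LOGFILE | P_IPROP_PORT) : base;
}

/* Name each required parameter absent from `have`; returns how many are missing. */
int describe_missing(unsigned required, unsigned have, char *buf, size_t len)
{
    unsigned missing = required & ~have;
    size_t used = 0;
    int count = 0;
    if (len > 0)
        buf[0] = '\0';
    for (size_t i = 0; i < sizeof(param_names) / sizeof(param_names[0]); i++) {
        if (!(missing & param_names[i].flag))
            continue;
        count++;
        int n = snprintf(buf + used, len - used, "%s%s",
                         used ? ", " : "Missing krb5.conf parameters: ",
                         param_names[i].name);
        if (n >= 0 && (size_t)n < len - used)
            used += (size_t)n;
        else if (len > 0)
            buf[used] = '\0'; /* a name that does not fit is dropped whole */
    }
    return count;
}
int main(void)
{
    char msg[256]; /* constructed case: iprop enabled, iprop_* parameters unset */
    describe_missing(required_params(1), required_params(0), msg, sizeof(msg));
    puts(msg);
}
```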