How to use krb5_get_error_message() when context initialization failed?

Russ Allbery rra at stanford.edu
Tue Feb 26 12:27:23 EST 2013


Petr Spacek <pspacek at redhat.com> writes:

> I tried following C code snippet and it worked, but I want to ask
> Kerberos experts to be sure that it will not blow up:

> krberr = krb5_init_context(&context);
> if (krberr)
> 	krb5_get_error_message(NULL, krberr);

You will get segfaults with older versions of Heimdal if you pass NULL as
the context to krb5_get_error_message, but this will work properly with
MIT Kerberos and current versions of Heimdal.  You won't get much useful
in the error message, though, just a straight translation of the error
code to a static string.  Unfortunately, there isn't a good way for the
Kerberos library to report a useful error (particularly since the most
common reason for krb5_init_context failing is a syntactically invalid
krb5.conf file, for which a verbose error message would be very nice).

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list