How to use krb5_get_error_message() when context initialization failed?
Petr Spacek
pspacek at redhat.com
Wed Feb 27 06:57:50 EST 2013
On 26.2.2013 18:27, Russ Allbery wrote:
> Petr Spacek <pspacek at redhat.com> writes:
>
>> I tried following C code snippet and it worked, but I want to ask
>> Kerberos experts to be sure that it will not blow up:
>
>> krberr = krb5_init_context(&context);
>> if (krberr)
>> krb5_get_error_message(NULL, krberr);
>
> You will get segfaults with older versions of Heimdal if you pass NULL as
> the context to krb5_get_error_message, but this will work properly with
> MIT Kerberos and current versions of Heimdal. You won't get much useful
> in the error message, though, just a straight translation of the error
> code to a static string. Unfortunately, there isn't a good way for the
> Kerberos library to report a useful error (particularly since the most
> common reason for krb5_init_context failing is a syntactically invalid
> krb5.conf file, for which a verbose error message would be very nice).
I understand that error message without proper context can't be verbose, but
even general code->text translation is more usable than "Kerberos context
initialization failed" message :-)
Thank you for your reply!
--
Petr^2 Spacek
More information about the Kerberos
mailing list