[krbdev.mit.edu #7149] Some important misconfigurations of the PKINIT plugin do not cause useful printout to KRB5_TRACE.
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed May 23 00:00:49 EDT 2012

The situation should be improved significantly in 1.11 by r25854
(committed May 8). In your particular scenario, the bogus "Out of
memory" error in the trace log would have been replaced with an OpenSSL
error, for instance.

There is still some information available through compile-time options
but not present in the trace logs (including basically everything on the
KDC side), so I wouldn't say we're done here. The main obstacle is
representing OpenSSL types in string form without adding a large amount
of code. (Also, I'm not sure I would want to dump Diffie-Hellman
parameters into the trace logs before we have a way to enable super-
verbose trace logging, since they're quite large and there are three of
them.)