telnet & ftp official status

Ken Raeburn raeburn at MIT.EDU
Sat Oct 4 13:04:41 EDT 2008

On Oct 4, 2008, at 12:16, Jeffrey Hutzelman wrote:
> Sadly, I don't think it would help much.  What the protocol actually
> carries is a GSS major and minor status and a text message.  A server

Since the minor status values are mechanism- and implementation- 
specific (and in MIT's current code, could theoretically be allocated  
at run time in certain cases), transferring them from the server is  
kind of useless.  The text message may be useful, though.

> implementation which does not have intimate details about the  
> underlying
> GSS-API mechanism implementation can't do much better than to call
> GSS_Display_status, which returns exactly those values.   
> Unfortunately, it
> is all too common for the returned error to be KRB5KRB_ERR_GENERIC,  
> with
> the real error being buried in a Kerberos protocol field that never  
> gets
> extracted.

That's an implementation issue we Kerberos implementors can try to do  
something about... and the MIT implementation should be better in that  
regard than it used to be, with the new krb5_get_error_message  
interface, which the GSSAPI code should be using.


More information about the krbdev mailing list