telnet & ftp official status
Ken Raeburn
raeburn at MIT.EDU
Sat Oct 4 13:04:41 EDT 2008
On Oct 4, 2008, at 12:16, Jeffrey Hutzelman wrote:
> Sadly, I don't think it would help much. What the protocol actually
> carries is a GSS major and minor status and a text message. A server
Since the minor status values are mechanism- and implementation-
specific (and in MIT's current code, could theoretically be allocated
at run time in certain cases), transferring them from the server is
kind of useless. The text message may be useful, though.
> implementation which does not have intimate details about the
> underlying
> GSS-API mechanism implementation can't do much better than to call
> GSS_Display_status, which returns exactly those values.
> Unfortunately, it
> is all too common for the returned error to be KRB5KRB_ERR_GENERIC,
> with
> the real error being buried in a Kerberos protocol field that never
> gets
> extracted.
That's an implementation issue we Kerberos implementors can try to do
something about... and the MIT implementation should be better in that
regard than it used to be, with the new krb5_get_error_message
interface, which the GSSAPI code should be using.
Ken
More information about the krbdev
mailing list