telnet & ftp official status
Ken Raeburn
raeburn at MIT.EDU
Sat Oct 4 13:35:04 EDT 2008
On Oct 4, 2008, at 13:11, Jeffrey Hutzelman wrote:
> FWIW, I thought the minor_status values were implementation-
> dependent, too, but RFC2743 only calls them mechanism-specific. So
> at a minimum, I think it is possible to have mechanisms which
> specify their meaning, even though the Kerberos V mechanism does not
> do so.
RFC 2743 section 1.2.8 calls them "locally-significant", which
suggests that across systems they needn't have the same values.
RFC 2744 variously calls them mechanism-specific or implementation-
specific. It's difficult or impossible to determine which mechanism
returned a given error in certain cases; in some calls, the minor
status is supposedly mechanism-specific, but there's clearly no
specific mechanism involved. See gss_indicate_mechs and
gss_create_empty_oid_set, for example.
Other mechanism specs I've looked at also do not specify minor status
values, although at least one specified the top bit or two for
different classes of mechanism-specific errors, and left them
otherwise unspecified. And the general recommendation is that an
implementation should provide "a facility" to translate the symbolic
names to the values used by the implementation; it's not even required
to be C macros expanding to integer constants. Calling functions with
these symbols as string arguments, or macros expanding to function
calls, would be acceptable. (At least, I don't think the C bindings
make it more specific.)
Ken
More information about the krbdev
mailing list