telnet & ftp official status

Ken Raeburn raeburn at MIT.EDU
Sat Oct 4 13:35:04 EDT 2008

On Oct 4, 2008, at 13:11, Jeffrey Hutzelman wrote:
> FWIW, I thought the minor_status values were implementation- 
> dependent, too, but RFC2743 only calls them mechanism-specific.  So  
> at a minimum, I think it is possible to have mechanisms which  
> specify their meaning, even though the Kerberos V mechanism does not  
> do so.

RFC 2743 section 1.2.8 calls them "locally-significant", which  
suggests that across systems they needn't have the same values.

RFC 2744 variously calls them mechanism-specific or implementation- 
specific.  It's difficult or impossible to determine which mechanism  
returned a given error in certain cases; in some calls, the minor  
status is supposedly mechanism-specific, but there's clearly no  
specific mechanism involved.  See gss_indicate_mechs and  
gss_create_empty_oid_set, for example.

Other mechanism specs I've looked at also do not specify minor status  
values, although at least one specified the top bit or two for  
different classes of mechanism-specific errors, and left them  
otherwise unspecified.  And the general recommendation is that an  
implementation should provide "a facility" to translate the symbolic  
names to the values used by the implementation; it's not even required  
to be C macros expanding to integer constants.  Calling functions with  
these symbols as string arguments, or macros expanding to function  
calls, would be acceptable.  (At least, I don't think the C bindings  
make it more specific.)


More information about the krbdev mailing list