Profile access errors

Russ Allbery rra at
Mon Aug 23 18:06:35 EDT 2010

Greg Hudson <ghudson at MIT.EDU> writes:

> A relatively non-controversial thing to do would be to make
> profile_init() return EACCESS or EPERM if it saw one of those errors
> when failing to read any profile file.  I guess I'll do that for now.  I
> feel like the error-handling semantics here are very muddy, though; I'm
> not at all convinced that the proper response to "I had an access error
> reading one but not all configuration files" is to soldier on with the
> ones you can read.

Unfortunately, the main thing that I'd want is the very hardest thing to
accomplish, namely some sort of error message stating which file couldn't
be opened and what the error was sent to somewhere where we'd see it.  But
yes, that behavior matches what we saw (which was that the application
continued on oblivious, but then started throwing "cannot locate KDC for
default realm" error messages that confused things considerably).

If we had some sort of error message, we'd be able to figure it out,
almost no matter what the application then did.  Without an error message,
it's really hard to figure out what's going on, even if the application
aborts, although if the application aborts strace would at least point us
more directly to the relevant error.

Russ Allbery (rra at             <>

More information about the krbdev mailing list