kdc "status" - string or number

Sam Hartman hartmans at MIT.EDU
Fri Feb 5 10:12:58 EST 2010

>>>>> "Zhanna" == Zhanna Tsitkova <tsitkova at MIT.EDU> writes:

    Zhanna> On Feb 4, 2010, at 1:43 PM, Sam Hartman wrote:
    >> I don't have a strong opinion on whether status is a string or
    >> number.  I do believe that plugins need to be able to set an
    >> error string of their own choosing that manages to make its way
    >> into the KDC log and the error packet's e_text field.

    Zhanna> It was my assumption that every audit plug-in may have its
    Zhanna> own event- id map with various alert levels and filter
    Zhanna> management for the better control over what is logged in.
    Zhanna> However, if we decide to implement our own pluggable audit
    Zhanna> system, it perhaps makes sense to re-use the information
    Zhanna> (i.e. status) with minor modifications that is already
    Zhanna> available.

I'm not talking about audit plugins.  I'm talking about things like
preauth and authdata plugins.  They may potentially have errors that the
designer of the KDC has never contemplated.  Having something like a
numeric status as your only mechanism is very bad for debugging this use


More information about the krbdev mailing list