kdc "status" - string or number
Sam Hartman
hartmans at MIT.EDU
Fri Feb 5 10:12:58 EST 2010
>>>>> "Zhanna" == Zhanna Tsitkova <tsitkova at MIT.EDU> writes:
Zhanna> On Feb 4, 2010, at 1:43 PM, Sam Hartman wrote:
>> I don't have a strong opinion on whether status is a string or
>> number. I do believe that plugins need to be able to set an
>> error string of their own choosing that manages to make its way
>> into the KDC log and the error packet's e_text field.
Zhanna> It was my assumption that every audit plug-in may have its
Zhanna> own event- id map with various alert levels and filter
Zhanna> management for the better control over what is logged in.
Zhanna> However, if we decide to implement our own pluggable audit
Zhanna> system, it perhaps makes sense to re-use the information
Zhanna> (i.e. status) with minor modifications that is already
Zhanna> available.
I'm not talking about audit plugins. I'm talking about things like
preauth and authdata plugins. They may potentially have errors that the
designer of the KDC has never contemplated. Having something like a
numeric status as your only mechanism is very bad for debugging this use
case.
--Sam
More information about the krbdev
mailing list