kdc "status" - string or number
Russ Allbery
rra at stanford.edu
Mon Feb 8 15:58:21 EST 2010
Sam Hartman <hartmans at mit.edu> writes:
>>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
> Greg> An alternative proposal would be to use KDC-internal error
> Greg> codes everywhere, and have a big function or table which maps
> Greg> them onto protocol errors. That design would simplify the
> Greg> error-handling code within the KDC, at the expense of having a
> Greg> long-range correspondence between the set of error codes used
> Greg> in the KDC (and subsidiary libraries) and the protocol error
> Greg> code map.
> I actually kind of like this proposal.
I recommend this approach too. I've been fighting with a similar problem
with PAM modules, where the return codes are determined by the PAM
documentation and I want richer codes internally, and I've pretty much
decided on this approach as the best one.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list