issue with krb5int_parse_enctype_list()

Will Fiveash will.fiveash at oracle.com
Fri Jan 21 14:14:11 EST 2011 

On Thu, Jan 20, 2011 at 11:55:32PM -0500, Greg Hudson wrote:
> On Thu, 2011-01-20 at 18:52 -0500, Will Fiveash wrote:
> >         } else if (krb5_string_to_enctype(token, &etype) == 0) {
> >             /* Set a specific enctype. */
> >             mod_list(etype, sel, weak, &list);
> >         }
> > 
> > My concern is if the admin has mistyped when entering the enctypes for
> > the enctype list parameters in krb5.conf won't this logic silently
> > ignore the invalid enctype because an error return value from
> > krb5_string_to_enctype() is ignored?  Shouldn't an error be set which
> > can be output/syslogged?
> 
> That part of the code's behavior didn't change in 1.8.  In 1.7 and
> prior, you'll see the same "just ignore the string if we can't turn it
> into an enctype" logic.
> 
> Changing the behavior of the code now would carry significant risks:
> 
> * Config files which work currently could break after an upgrade.
> 
> * Config files written to include or exclude newer enctypes would break
> with older Kerberos releases.
> 
> * If we ever remove an enctype (e.g. des-hmac-sha1 which as far as I can
> tell should never have made it into a release), then that could break
> config files written to include or exclude that enctype.

I see your point in regards to returning an error code which would cause
various programs to exit.  Still, in this situation (invalid enctype
specification in the config file that isn't fatal) the admin should get
some kind of warning.  I see you've stated in a later e-mail that you'll
provide tracing support which I agree with.  Going further, it would be
nice if there some scheme by which an application could get an
indication that there were config file problems that weren't fatal and
it could deal with that warning in a suitable way.  For example krb5kdc
when starting could output/syslog those warnings once.  Of course, it
would also be nice if krb5.conf was maintained via a utility that
structured and verified the input for the config parameters.

-- 
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app <http://www.mutt.org/>

More information about the krbdev mailing list