gss_display_status() bug dealing with minor/mech specific error codes?
Greg Hudson
ghudson at MIT.EDU
Wed Apr 24 23:23:40 EDT 2013
On 04/24/2013 07:11 PM, Will Fiveash wrote:
> Beyond that, why ignore the req_mech_type if it is provided?
Even if we used the req_mech_type, the minor code produced by the krb5
mech isn't necessarily the one we returned to the caller, because of
error mapping. It's actually quite common for a krb5 minor status code
to be mapped to a code like 10001 because of SPNEGO and multiple
variations on the krb5 mech OID.
Since the mappings might be different in different processes, there's no
way we can take a minor code returned in one process and map it
correctly in another.
More information about the krbdev
mailing list