gss_display_status() bug dealing with minor/mech specific error codes?
Simo Sorce
simo at redhat.com
Thu Apr 25 10:32:05 EDT 2013
On Wed, 2013-04-24 at 23:23 -0400, Greg Hudson wrote:
> On 04/24/2013 07:11 PM, Will Fiveash wrote:
> > Beyond that, why ignore the req_mech_type if it is provided?
>
> Even if we used the req_mech_type, the minor code produced by the krb5
> mech isn't necessarily the one we returned to the caller, because of
> error mapping. It's actually quite common for a krb5 minor status code
> to be mapped to a code like 10001 because of SPNEGO and multiple
> variations on the krb5 mech OID.
>
> Since the mappings might be different in different processes, there's no
> way we can take a minor code returned in one process and map it
> correctly in another.
We could have a static mapping tracked via some file ... but that is a
bit awful :)
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list