Question about proper return code in KCM impl
Alexey Tikhonov
atikhono at redhat.com
Fri Oct 1 11:13:08 EDT 2021
Hello,
I've got a question about proper return code in a specific scenario in
SSSD implementation of KCM server.
Case in question: KCM server fails to parse entry in internal DB
during ccache lookup (for example 'KCM operation GET_PRINCIPAL')
Currently sssd-kcm returns 'KRB5_FCC_INTERNAL'.
I'm going to change this to delete the malformed entry (*) and return
'KRB5_CC_NOTFOUND'. Would it be ok from krb5 point of view?
*) The reason I'm touching this is that SSSD drops support for the old
time deprecated internal ccache format and we need to gracefully
handle the case if somebody still has very old tickets in the wild...
Thank you,
Alexey.
More information about the krbdev
mailing list