Question about proper return code in KCM impl
Greg Hudson
ghudson at mit.edu
Fri Oct 1 13:43:11 EDT 2021
On 10/1/21 11:13 AM, Alexey Tikhonov wrote:
> Case in question: KCM server fails to parse entry in internal DB
> during ccache lookup (for example 'KCM operation GET_PRINCIPAL')
> Currently sssd-kcm returns 'KRB5_FCC_INTERNAL'.
> I'm going to change this to delete the malformed entry (*) and return
> 'KRB5_CC_NOTFOUND'. Would it be ok from krb5 point of view?
GET_PRINCIPAL is the operation that returns the default client principal
of a ccache. If you want the cache to appear uninitialized because you
just purged it, you need to return KRB5_FCC_NOFILE. (Although the form
of this error code name appears specific to the FILE ccache type, that's
a historical botch; it has become the de facto error code to indicate an
uninitialized cache.)
KRB5_CC_NOTFOUND would be appropriate for RETRIEVE if you purged an
individual ticket from the cache and had no matching entry as a result.
More information about the krbdev
mailing list