[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ASN1_* Errors Returned from GSSAPI Functions

On Fri, 2005-10-21 at 15:40 +0200, Love Hörnquist Åstrand wrote:
> Andrew Bartlett <abartlet@samba.org> writes:
> > On Wed, 2005-10-12 at 09:25 +0200, Love Hörnquist Åstrand wrote:
> >> Michael B Allen <mba2000@ioplex.com> writes:
> >> 
> >> > Would you accept a patch to change this behavior wherever I think it is
> >> > occuring or is knowing enough for you to fix them?
> >> 
> >> I'll fix those that I find.
> >
> > While reinventing the wheel (re-implementing kpasswdd ;-) I found
> > another case of the same thing.  Patch attached.
> This problem is diffrent. The problem before was that the gss-api library
> returned a non-gss error.
> You problem is that if a clients sends a broken back, they get back a
> broken response (more exact). I think I prefer getting that kind of errors.
> Or did I missunderstand your problem ?

Actually, I was more worried by the fact that I just got a numeric error
message, because the asn1 error table was used, and it was not loaded.
I'm not sure if I should have done that (as the application), the
kerberos libarary should have, or I should have expected only krb5 error
returns from the krb5 libs.

I'm not worried what the client gets sent, but what I see in my
application logs and logic.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

This is a digitally signed message part