[prev in list] [next in list] [prev in thread] [next in thread]
List: krbdev
Subject: Re: Question about proper return code in KCM impl
From: Greg Hudson <ghudson () mit ! edu>
Date: 2021-10-01 17:43:11
Message-ID: 61fcfc10-f538-18ab-011c-23de02f37800 () mit ! edu
[Download RAW message or body]
On 10/1/21 11:13 AM, Alexey Tikhonov wrote:
> Case in question: KCM server fails to parse entry in internal DB
> during ccache lookup (for example 'KCM operation GET_PRINCIPAL')
> Currently sssd-kcm returns 'KRB5_FCC_INTERNAL'.
> I'm going to change this to delete the malformed entry (*) and return
> 'KRB5_CC_NOTFOUND'. Would it be ok from krb5 point of view?
GET_PRINCIPAL is the operation that returns the default client principal
of a ccache. If you want the cache to appear uninitialized because you
just purged it, you need to return KRB5_FCC_NOFILE. (Although the form
of this error code name appears specific to the FILE ccache type, that's
a historical botch; it has become the de facto error code to indicate an
uninitialized cache.)
KRB5_CC_NOTFOUND would be appropriate for RETRIEVE if you purged an
individual ticket from the cache and had no matching entry as a result.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic