[20318] in Kerberos_V5_Development


Re: Question about proper return code in KCM impl

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Oct 1 13:43:44 2021

To: Alexey Tikhonov <atikhono@redhat.com>, <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <61fcfc10-f538-18ab-011c-23de02f37800@mit.edu>
Date: Fri, 1 Oct 2021 13:43:11 -0400
In-Reply-To: <CABPeg3Yqn5wtcm49W4nhecOv9CYMYJg5gGLPGs700Ea8Mfzi-Q@mail.gmail.com>

On 10/1/21 11:13 AM, Alexey Tikhonov wrote:
> Case in question: KCM server fails to parse entry in internal DB
> during ccache lookup (for example 'KCM operation GET_PRINCIPAL')
> Currently sssd-kcm returns 'KRB5_FCC_INTERNAL'.
> I'm going to change this to delete the malformed entry (*) and return
> 'KRB5_CC_NOTFOUND'. Would it be ok from krb5 point of view?

GET_PRINCIPAL is the operation that returns the default client principal
of a ccache.  If you want the cache to appear uninitialized because you
just purged it, you need to return KRB5_FCC_NOFILE.  (Although the form
of this error code name appears specific to the FILE ccache type, that's
a historical botch; it has become the de facto error code to indicate an
uninitialized cache.)

KRB5_CC_NOTFOUND would be appropriate for RETRIEVE if you purged an
individual ticket from the cache and had no matching entry as a result.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
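
Added example, not part of the original message and not code from MIT krb5 or sssd-kcm: a minimal C model of the server-side behaviour discussed above, where a malformed cache entry is purged and then reported as KRB5_FCC_NOFILE, while a malformed individual ticket is purged and RETRIEVE reports KRB5_CC_NOTFOUND. The struct layout, the `parses` flags, `kcm_handle`, `sample_cache` and the sample names are hypothetical; returning KRB5_FCC_NOFILE for RETRIEVE on a purged cache is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Values as in MIT krb5's krb5.h, repeated so this builds without krb5 headers. */
#define KRB5_CC_NOTFOUND (-1765328243L)
#define KRB5_FCC_NOFILE  (-1765328189L)
/* Hypothetical model of a KCM server's store; not sssd-kcm's real structures. */
enum kcm_op { OP_GET_PRINCIPAL, OP_RETRIEVE };
struct cred { int present, parses; const char *server; };
struct ccache { int initialized, parses; const char *princ; struct cred creds[3]; };

/* Handle one request; *out receives the principal or the matched server name. */
long kcm_handle(struct ccache *c, enum kcm_op op, const char *server, const char **out)
{
    *out = NULL;
    if (c->initialized && !c->parses)
        memset(c, 0, sizeof(*c));      /* whole entry malformed: purge the cache */
    if (!c->initialized)               /* purged or never created: uninitialized */
        return KRB5_FCC_NOFILE;        /* (using it for RETRIEVE too is an assumption) */
    if (op == OP_GET_PRINCIPAL) {
        *out = c->princ;
        return 0;
    }
    for (size_t i = 0; i < sizeof(c->creds) / sizeof(c->creds[0]); i++) {
        struct cred *cr = &c->creds[i];
        if (cr->present && !cr->parses)
            cr->present = 0;           /* one ticket malformed: purge only that ticket */
        if (cr->present && strcmp(cr->server, server) == 0) {
            *out = cr->server;
            return 0;
        }
    }
    return KRB5_CC_NOTFOUND;           /* cache is usable, no matching ticket remains */
}

/* Constructed sample: a healthy cache holding one unparseable ticket. */
struct ccache sample_cache(void)
{
    return (struct ccache){ 1, 1, "alice@EXAMPLE.COM",
        { { 1, 1, "krbtgt/EXAMPLE.COM@EXAMPLE.COM" }, { 1, 0, "host/bad.example.com@EXAMPLE.COM" } } };
}

int main(void)
{
    struct ccache c = sample_cache();
    const char *out;
    long r1 = kcm_handle(&c, OP_RETRIEVE, "host/bad.example.com@EXAMPLE.COM", &out);
    c.parses = 0;                      /* now the whole cache entry is corrupt */
    printf("%ld %ld\n", r1, kcm_handle(&c, OP_GET_PRINCIPAL, NULL, &out));
}
```

Because the purge is applied to the store before the error is returned, repeated requests see the same state and keep getting the same code.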
