[39315] in Kerberos
Re: Using PKINIT with ECC
daemon@ATHENA.MIT.EDU (Carson Gaspar)
Sun Nov 19 12:13:51 2023
Message-ID: <6e03e115-5845-4f6e-bdae-fac432a08d53@taltos.org>
Date: Sun, 19 Nov 2023 09:13:21 -0800
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Language: en-US
From: Carson Gaspar <carson@taltos.org>
In-Reply-To: <202311191700.3AJH0hJD016758@hedwig.cmf.nrl.navy.mil>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: kerberos-bounces@mit.edu
On 11/19/2023 9:00 AM, Ken Hornstein via Kerberos wrote:
> I have mentioned this before, but ... is there any interest in adding
> additional trace points for every place where the old "pkiDebug" calls
> are made? Hidden errors when doing PKINIT are the bane of my existence
> and I feel that I'm not the only one. I understand there are concerns
> about making the trace log too verbose but I think every error could
> generate a trace message and it wouldn't add too much to the trace output
> when everything was working.
Consider this a +1 for some way to enable useful PKINIT debugging
without a recompile. The number of times I've had to install a debug
plugin .so just to figure out basic config issues...
Hell, even just adding an autoconf option to enable it so I didn't have
to hand-edit the include file would be a win... (yeah, I could probably
pass in a custom CPPFLAGS option, but by the time I find the !@#$% macro
I'm already in the include file, so...)
--
Carson
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
