[16822] in Kerberos-V5-bugs
[krbdev.mit.edu #8247] [Comment] KADM5_MISSING_KRB5_CONF_PARAMS
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Sun Mar 13 01:56:00 2022
From: "Greg Hudson via RT" <rt-comment@kerborg-prod-app-1.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.3-2-4115280-1647154554-506.8247-8-0@kerborg-prod-app-1.mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8247":;
Date: Sun, 13 Mar 2022 01:55:54 -0500
MIME-Version: 1.0
Reply-To: rt-comment@kerborg-prod-app-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=8247
This is a comment. It is not sent to the Requestor(s):
This error code is worse than inspecific; it's almost always wrong. The
required parameters are default_realm, master_key_type,
default_principal_flags, max_life, max_rlife, default_principal_expiration,
and supported_enctypes. But all of those parameters have defaults expect for
default_realm, and a missing default_realm causes kadm5_get_config_params() to
exit early with a different error code. The remaining parameters can only
show up as unset if they *are* set but fail to parse. (Or in some cases, not
at all; if max_life or max_rlife don't parse, the default value is silently
used instead.)
We do yield this error code if iprop_enabled is set and iprop_logfile or
iprop_port is unset; in those cases the error code is merely inspecific.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
