[1498] in Kerberos_V5_Development


Re: kadmind lossage

daemon@ATHENA.MIT.EDU (Tom Yu)
Mon Aug 5 16:14:42 1996

Date: Mon, 5 Aug 1996 16:14:34 -0400
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: tlyu@MIT.EDU, krbcore@MIT.EDU
From: Tom Yu <tlyu@MIT.EDU>
In-Reply-To: <9608021535.AA16890@DUN-DUN-NOODLES.MIT.EDU>

>>>>> "Barry" == "Barry Jaspan" <bjaspan@MIT.EDU> writes:

    Barry> That is a debugging message printed by the RPC AUTH_GSSAPI
    Barry> layer.  kadmind first tries to acquire credentials for
    Barry> kadmin and ovsec_adm principals and, if that fails, it
    Barry> tries only to acquire credentials for kadmin principals;
    Barry> this way it can accept ovsec_adm requests if the keys are
    Barry> present in the keytab.  In rpc/svc_auth_gssapi.c,
    Barry> _svcauth_gssapi_set_names displays that error message only
    Barry> if a global debugging integer is non-zero, which it
    Barry> shouldn't be.

It seems that svc_auth_gssapi.c has an #ifdef DEBUG_GSSAPI which
declares the macro AUTH_GSSAPI_DISPLAY_STATUS, which calls
auth_gssapi_display_status if the debugging int svc_debug_gssapi is
non-zero.  The thing is, svc_debug_gssapi is set to DEBUG_GSSAPI,
which is always one in our build for some reason.  Should we keep this
debugging symbol in or not?  Or should we do something like
-DDEBUG_GSSAPI=0? :-)

---Tom
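
The gating described in the message above, reconstructed as an added example; it is not the code from svc_auth_gssapi.c. The names display_status_stub, emit_count, failed_acquire and default_debug_level are hypothetical, and the in-file #define stands in for the compiler's -D flag.

```c
#include <stdio.h>

/* Stand-in for the build's compiler flag. A bare -DDEBUG_GSSAPI defines the
 * macro as 1; -DDEBUG_GSSAPI=0 would define it as 0. */
#ifndef DEBUG_GSSAPI
#define DEBUG_GSSAPI 1
#endif

static int emit_count;  /* hypothetical counter: debug lines written */

/* Hypothetical stand-in for the status-display routine named in the message. */
static void display_status_stub(const char *msg)
{
    emit_count++;
    fprintf(stderr, "debug: %s\n", msg);
}

#ifdef DEBUG_GSSAPI
/* Run-time switch initialised from the compile-time macro value. */
int svc_debug_gssapi = DEBUG_GSSAPI;
#define AUTH_GSSAPI_DISPLAY_STATUS(msg) \
    do { if (svc_debug_gssapi) display_status_stub(msg); } while (0)
#else
/* The macro compiles away entirely when the symbol is not defined. */
#define AUTH_GSSAPI_DISPLAY_STATUS(msg) do { } while (0)
#endif

/* Hypothetical caller: simulates a failed credential acquisition and returns
 * the number of debug lines produced at the given debug level. */
int failed_acquire(int debug_level)
{
    svc_debug_gssapi = debug_level;
    emit_count = 0;
    AUTH_GSSAPI_DISPLAY_STATUS("could not acquire credentials");
    return emit_count;
}

/* Value the switch takes when nothing overrides it at run time. */
int default_debug_level(void) { return DEBUG_GSSAPI; }

int main(void)
{
    printf("default level: %d\n", default_debug_level());
    printf("lines at default: %d\n", failed_acquire(default_debug_level()));
    printf("lines at 0: %d\n", failed_acquire(0));
    return 0;
}
```

With the symbol defined as 0 the debugging code stays compiled in but silent, whereas leaving the symbol undefined removes the call sites altogether.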
