[15591] in Kerberos_V5_Development
Re: config file verification tool
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Fri Mar 12 12:11:07 2010
Mime-Version: 1.0 (Apple Message framework v1077)
From: Ken Raeburn <raeburn@mit.edu>
In-Reply-To: <4B9A6625.6050809@Sun.COM>
Date: Fri, 12 Mar 2010 12:11:01 -0500
Message-Id: <A2B77C80-3441-484B-85A7-53B4195C8C30@mit.edu>
To: Mark Phalan <Mark.Phalan@Sun.COM>
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Mar 12, 2010, at 11:04, Mark Phalan wrote:
> I haven't actually taken a close look at your tool yet but I was hoping
> that some of your work could be leveraged to make libkrb5 print better
> error messages. It seems to me that it should be possible to provide
> better validation within libkrb5 without adding unbearable overhead or
> complexity.
It shouldn't be too hard right now to make code that notices a missing required config-file entry use the enhanced error-message interfaces to indicate what field was missing, at least when using an API that keeps a krb5_context around. The libraries need to change to report the name of the missing entry, and the application code needs to use the right routines to extract the error message.
But a separate validation tool can flag things like unrecognized entries (which may be typos for something the admin meant to set, but may just be for third-party apps, or may be for a parallel Heimdal installation on the machine, or ...), which by themselves aren't errors and probably shouldn't be flagged by the library in normal operation.
Ken
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev