[16711] in Kerberos_V5_Development
Re: mechglue debugging
daemon@ATHENA.MIT.EDU (Luke Howard)
Tue Mar 22 00:40:32 2011
Mime-Version: 1.0 (Apple Message framework v1082)
From: Luke Howard <lukeh@padl.com>
In-Reply-To: <1300717936.2397.710.camel@t410>
Date: Tue, 22 Mar 2011 15:40:18 +1100
Message-Id: <937A7C25-E3A8-4AD5-B89D-64641290DC8A@padl.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: Sam Hartman <hartmans@mit.edu>, "krbdev@mit.edu List" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 22/03/2011, at 1:32 AM, Greg Hudson wrote:
> On Mon, 2011-03-21 at 10:11 -0400, Sam Hartman wrote:
>>>>>>> "Luke" == Luke Howard <lukeh@padl.com> writes:
>>
>> Luke> The mechglue could really do with some debug statements for
>> Luke> when mechanism plugins do not load. What's the right way to do
>> Luke> logging from within a library? I basically plan to just
>> Luke> uncomment the existing syslog() calls, but obviously there's a
>> Luke> more appropriate way otherwise they wouldn't be commented out.
>>
>> Take a look at src/include/k5-trace.h
>
> That framework requires a krb5 context (so it can turn off tracing for
> secure contexts, and so it can allow app control of tracing). Not so
> useful for the mechglue in its current form.
krb5 context is not a problem (if not ideal), but it does appear to require tracing be explicitly enabled on the context, which is not very useful if the caller does not have a way to access the context.
For now, I'm inclined to put fprintf statements in. It's not perfect, but it's the best I can think of, and it is an exceptional condition that can only arise from a misconfigured /etc/gss/mech.
-- Luke
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
