Improve krb5_rd_req decryption failure errors

When krb5_rd_req cannot decrypt a ticket, try to produce the most helpful diagnostic we can, and return an error code which corresponds to the most applicable Kerberos protocol error. Add a trace log containing the error message for ticket decryption failures, in case the application server does not log it. Add new tests to cover krb5_rd_req error messages and adjust existing tests to match the new messages. Also adjust svc_auth_gssapi.c to look for KRB5KRB_AP_ERR_NOT_US instead of KRB5KRB_AP_WRONG_PRINC. ticket: 7232
author: Greg Hudson <ghudson@mit.edu> 2014-04-28 03:58:32 -0400
committer: Greg Hudson <ghudson@mit.edu> 2014-05-07 12:56:15 -0400
commit: eba8c4909ec7ba0d7054d5d1b1061319e9970cc7 (patch)
tree: b10c91ffb967d767546c8fa87c105a712b116494 /.gitignore
parent: 035eb79b3f250b690502c66aaf664410b1d0e7e0 (diff)
download: krb5-eba8c4909ec7ba0d7054d5d1b1061319e9970cc7.zip
krb5-eba8c4909ec7ba0d7054d5d1b1061319e9970cc7.tar.gz
krb5-eba8c4909ec7ba0d7054d5d1b1061319e9970cc7.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index 0121752..45a3e15 100644
--- a/.gitignore
+++ b/.gitignore
@@ -252,6 +252,7 @@ testlog
 /src/tests/kdc.conf
 /src/tests/krb5.conf
 /src/tests/plugorder
+/src/tests/rdreq
 /src/tests/responder
 /src/tests/s2p
 /src/tests/t_init_creds
author	Greg Hudson <ghudson@mit.edu>	2014-04-28 03:58:32 -0400
committer	Greg Hudson <ghudson@mit.edu>	2014-05-07 12:56:15 -0400
commit	eba8c4909ec7ba0d7054d5d1b1061319e9970cc7 (patch)
tree	b10c91ffb967d767546c8fa87c105a712b116494 /.gitignore
parent	035eb79b3f250b690502c66aaf664410b1d0e7e0 (diff)
download	krb5-eba8c4909ec7ba0d7054d5d1b1061319e9970cc7.zip krb5-eba8c4909ec7ba0d7054d5d1b1061319e9970cc7.tar.gz krb5-eba8c4909ec7ba0d7054d5d1b1061319e9970cc7.tar.bz2