diff options
author | Greg Hudson <ghudson@mit.edu> | 2014-04-28 03:58:32 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2014-05-07 12:56:15 -0400 |
commit | eba8c4909ec7ba0d7054d5d1b1061319e9970cc7 (patch) | |
tree | b10c91ffb967d767546c8fa87c105a712b116494 /.gitignore | |
parent | 035eb79b3f250b690502c66aaf664410b1d0e7e0 (diff) | |
download | krb5-eba8c4909ec7ba0d7054d5d1b1061319e9970cc7.zip krb5-eba8c4909ec7ba0d7054d5d1b1061319e9970cc7.tar.gz krb5-eba8c4909ec7ba0d7054d5d1b1061319e9970cc7.tar.bz2 |
Improve krb5_rd_req decryption failure errors
When krb5_rd_req cannot decrypt a ticket, try to produce the most
helpful diagnostic we can, and return an error code which corresponds
to the most applicable Kerberos protocol error. Add a trace log
containing the error message for ticket decryption failures, in case
the application server does not log it.
Add new tests to cover krb5_rd_req error messages and adjust existing
tests to match the new messages. Also adjust svc_auth_gssapi.c to
look for KRB5KRB_AP_ERR_NOT_US instead of KRB5KRB_AP_WRONG_PRINC.
ticket: 7232
Diffstat (limited to '.gitignore')
-rw-r--r-- | .gitignore | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -252,6 +252,7 @@ testlog /src/tests/kdc.conf /src/tests/krb5.conf /src/tests/plugorder +/src/tests/rdreq /src/tests/responder /src/tests/s2p /src/tests/t_init_creds |