On Fri, 2010-01-15 at 15:44 -0800, Russ Allbery wrote:
> > 2) Either upstream or in a Debian-specific API to be removed in the
> > future--I.E. something not in a public header--we could provide some
> > exception path for AFS.
> 
> I talked to Tom on the phone about this today and proposed an additional
> API that would let an application re-enable weak enctypes and rebuild the
> enctypes list.  This is roughly equivalent to the Heimdal API.  I think
> this is the best solution.

I think this is certainly a good approach for this case.

It is independent from the need to fix the error reporting.  *Both* the
krb5 libs *and* the kdc log were very bad here in their error reporting,
however:

> > 3) Complaining about the KDC log error upstream definitely seems
> > reasonable.
> 
> > I'm about to head out for the weekend.  There's no reason that I need to
> > be the one discussing these issues, but I'm happy to take responsibility
> > for #3 above.

This is only part of the problem.  The kdc log entry made it seem as if
the principal was missing entirely--hardly accurate.  But the krb5 user
error that aklog printed was also horrible.  (Giant numeric thing? Is
that really our SOP?)

Thomas




