Is there a specific reason that when krb5_get_init_creds_password fails
the railure code is all that is logged in syslog? That negative number
appears to be useless all alone.
From reading the krb5 docs, it would seem the correct response would be
to call syslog as:
syslog(LOG_ERR, "auth_krb5: krb5_get_init_creds_password: %s",
krb5_get_error_message(context, code));
and then destroy the ccache, auth_user and context. Instead of
destroying the bits and then logging just the code as a negative number.
Have I missed some bit of information about why this is done?
--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)