On 10 Dec 2011, at 20:21, Jeffrey Hutzelman wrote:
> While that's all true, in practice it turns out to be very useful for
> troubleshooting to return this information, even though the values are
> not standardized.
Now I think of it, I recall that we had a very similar discussion during the
standardisation of SSH's GSSAPI support. Rather than rehash all of that again
here, I'll accept that the minor_status can be useful in the Kerberos case,
although for reasons that aren't entirely standardised.
So, I propose changing the signature of GSSNegotiate to the following:
GSSNegotiate(IN RXGK_StartParams *client_start,
IN RXGK_Token *input_token_buffer,
IN RXGK_Token *opaque_in,
OUT RXGK_Token *output_token_buffer,
OUT RXGK_Token *opaque_out,
OUT afs_uint32 *gss_minor_status,
OUT afs_uint23 *gss_minor_status,
OUT RXGK_Token *rxgk_info) = 1;
And modifying the parameter definitions to:
gss_major_status The major status code output by the server's call to
gss_accept_sec_context
gss_minor_status The minor status code returned by
gss_accept_sec_context. Implementors should note that minor status
codes are not portable between GSSAPI implementations.
Does that seem reasonable?
>>
>> Yes. Sadly there isn't a good reference document describing RX
>
> I'd be very interested in seeing a volunteer to pick that up, sand off
> the rough spots, and get it published.
Mike Meffie did some work on this, and sent the outcome to this group back in
2009. I don't think that document went anywhere - it certainly doesn't seem to
have been submitted to the Internet Drafts repository, and the copy he linked
to is no longer available. Mike, perhaps you could publish what you had?
Cheers,
Simon.
_______________________________________________
AFS3-standardization mailing list
[email protected]
http://lists.openafs.org/mailman/listinfo/afs3-standardization
