On Aug 12, 2008, at 2:28 AM, Jason Gunthorpe wrote:
I choose to just use the magic configurable: auth_gssapi_hostname = $ALL rather than introduce more configurables
Yes, the less different settings there are the better. :) Committed to v1.2 tree:
http://hg.dovecot.org/dovecot-1.2/rev/9ca5e8f66d10
+ auth_request_log_info(request, "gssapi", + "Using all keytab entires");
I'm beginning to wonder about the logging in the code though. To me it looks like all of these should rather be log_debug instead of log_info. And I don't see any log_infos for logging why the user login actually failed (does gssapi even tell anything about it?). Or debug logging about what the usernames are when trying to log in. And the GSSAPI errors probably should be logged with log_info instead of log_error, because they probably aren't errors that the sysadmin can do anything about, but rather some client misconfiguration or a client bug (at least after the initial configuration is done and working).
Any thoughts on those issues?
PGP.sig
Description: This is a digitally signed message part
