Is it a problem to return the krb5_rd_req error code on failed authn to clients? Is that revealing information it shouldn't and I should just return success or failure? Or filter it down to a few safe ones, like clock skew, etc?
Chris ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
