Hi,
I was seeing some loud debug messages with a direct AD client. I think
it's safe to silence them by ignoring these krb5 error code (I saw a
similar ignore blocks in libkrb5 itself), please see the attached patch.
>From 0c083ceed5e56ab19e893c6c8a4a91d63f9e493a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <[email protected]>
Date: Fri, 4 Sep 2015 10:30:03 +0200
Subject: [PATCH] KRB5: Don't error out reading a minimal krb5.conf
With some setups, krb5.conf can be really minimal. In those cases, we
should ignore PROF_NO_RELATION and PROF_NO_SECTION and just return
"false" as in "no proxy" without a loud debug message.
---
src/util/sss_krb5.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index
2e128db3c9fcb0dfa88cab1ed799abd714ad8ba6..158bd7a2d36135206836c3e30ff21cab986172d2
100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -1103,7 +1103,10 @@ bool sss_krb5_realm_has_proxy(const char *realm)
profile_path[1] = realm;
kerr = profile_get_values(profile, profile_path, &list);
- if (kerr != 0) {
+ if (kerr == PROF_NO_RELATION || kerr == PROF_NO_SECTION) {
+ kerr = 0;
+ goto done;
+ } else if (kerr != 0) {
DEBUG(SSSDBG_OP_FAILURE, "profile_get_values failed.\n");
goto done;
}
--
2.4.3
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
