diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-04-11 16:56:55 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-04-23 16:32:57 +0200 |
| commit | 498a0cefea205f7783dd675aac3f8b831d3baa82 (patch) | |
| tree | 0eed7e009d017224e12a2e013b7cc16cfc10e6c5 | |
| parent | 7caf7ed4f2eae1ec1c0717b4ee6ce78bdacd5926 (diff) | |
| download | sssd-498a0cefea205f7783dd675aac3f8b831d3baa82.tar.gz sssd-498a0cefea205f7783dd675aac3f8b831d3baa82.tar.xz sssd-498a0cefea205f7783dd675aac3f8b831d3baa82.zip | |
KRB5: Print a verbose error message on failure reading the keytab
krb5_kt_resolve() returns 0 when a non-existent keytab is read, which
means there was no FATAL-level DEBUG message printed to the user in case
the keytab was missing completely and users had to enable more verbose
debugging to diagnose failure to start up.
This patch adds both the verbose DEBUG message as well as a syslog
message.
Reviewed-by: Michal Židek <mzidek@redhat.com>
| -rw-r--r-- | src/util/sss_krb5.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index 7c0c5832c..a7f1bf37c 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -227,6 +227,12 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, } done: + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to read keytab [%s]: %s\n", + KEYTAB_CLEAN_NAME, strerror(ret)); + sss_log(SSS_LOG_ERR, "Failed to read keytab [%s]: %s\n", + KEYTAB_CLEAN_NAME, strerror(ret)); + } if (keytab) krb5_kt_close(krb_ctx, keytab); if (krb_ctx) krb5_free_context(krb_ctx); if (client_princ != NULL) { |