Integrate kerberos tracing

swen swen at linux.ibm.com
Tue Dec 4 09:36:21 UTC 2018 

Hi Metze,

On Tue, 2018-12-04 at 10:21 +0100, Stefan Metzmacher wrote:
> Hi Swen,
> 
> > > > 
> > > > It now includes an option for 'configure' with which the
> > > > feature
> > > > can be
> > > > selected.
> 
> Do we really need a configure option here? I'd prefer to just use
> this.
> 
Volker mentioned something the other day, that he would prefer a switch
for that, but that was in relation to if it is configurable.
If you prefer to have tracing included unconditionally, then we can of
course leave it out.
I'll go with anything the majority prefers here.

> > > > This patch set is using krb5_set_trace_callback from the
> > > > kerberos
> > > > API
> > > > to provide inline tracing information.
> > > > 
> > > > The feature itself must be enabled at compile time by defining
> > > > HAVE_KRB5_TRACING, the default is to NOT have tracing compiled
> > > > in.
> > > > As mentioned above, this can be done/enabled now by specifiying
> > > > the
> > > > configuration option --with-krb5-tracing.
> > > > 
> > > > If compiled in, the trace information will only be logged if
> > > > logging is
> > > > set to DEBUG level.
> > > > 
> > > > Beside the introduction of the feature (patch 1) the inclusion
> > > > for
> > > > each
> > > > area is handled by tiny seperate patches (patch 2 - 10).
> > > > If wanted, that could be condensed to one, but I remember that
> > > > some
> > > > prefer it that way.
> > > > The last patch (patch 11) contains now the changes to the
> > > > wscript,
> > > > offering the configuration switch.
> 
> We already have something similar in smb_krb5_init_context() for
> Heimdal. Can you also add the tracing for MIT there?
> 
> I'm not sure, but I think it might be nicer to then use
> smb_krb5_init_context() instead of the raw krb5_init_context()
> so that we can't forget KRB5_TRACE_SET().
> What does others think about that?
> If we decide to use krb5_init_context() + KRB5_TRACE_SET() please
> make sure it also works for Heimdal.

Since, as you said, we have already something similar for Heimdal and 
both (heimdal & MIT) will never come together, could we tackle this in
a separate/additional patch-set ?

Cheers Swen

More information about the samba-technical mailing list