[PATCH] Return correct gss-error to client.

[Richard Sharpe]

On Tue, Jan 30, 2018 at 9:03 AM, Jeremy Allison via samba-technical
<samba-technical at lists.samba.org> wrote:
> Hi all,
>
> Google ChromeOS restricts the enc types allowed for the kerberos
> client. If the DC doesn't support these types it returns
> KRB5KDC_ERR_ETYPE_NOSUPP as an error to the client code.
>
> Currently Samba doesn't pass this back to the caller as
> NT_STATUS_KDC_UNKNOWN_ETYPE, which is the NT status designated
> for this specific error - it gets returned as NT_STATUS_LOGON_FAILURE,
> which doesn't allow the caller to report the problem to the client GUI.
>
> We already handle KDC specific errors such as NT_STATUS_TIME_DIFFERENCE_AT_DC,
> this just adds another one to enable users to debug problems (so
> this isn't a case of error squashing to prevent attacks).
>
> Please review and push if happy !

FWIW, RB+ Richard Sharpe <realrichardsharpe at gmail.com>

--
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)