aklog: retry getting tokens for KRB5_KT_NOTFOUND error 26/13826/5
authorYadavendra Yadav <yadayada@in.ibm.com>
Wed, 28 Aug 2019 11:13:35 +0000 (16:13 +0530)
committerBenjamin Kaduk <kaduk@mit.edu>
Thu, 12 Sep 2019 04:32:02 +0000 (00:32 -0400)
If we're creating tokens with -keytab and our AFS service principal is
afs@<cellname>, we'll first try creating tokens with
afs/<cellname>@<cellname> and krb5_kt_get_entry will fail with
KRB5_KT_NOTFOUND. Since we do not retry for KRB5_KT_NOTFOUND error, we
will not get tokens. So in order to get tokens for principal
afs@<cellname> we should retry for KRB5_KT_NOTFOUND error. Thanks to
jpjanosi@us.ibm.com for finding this issue and suggesting a fix.

Change-Id: I8af9df9876973badc4631f509eebcda46d667cef
Reviewed-on: https://gerrit.openafs.org/13826
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

src/aklog/aklog.c

index 4f9050f..2435985 100644 (file)
@@ -145,6 +145,7 @@ static int get_user_realm(krb5_context, char **);
 
 #define TRYAGAIN(x) (x == AKLOG_TRYAGAIN || \
                     x == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || \
+                    x == KRB5_KT_NOTFOUND || \
                     x == KRB5KRB_ERR_GENERIC)
 
 #if defined(HAVE_KRB5_PRINC_SIZE) || defined(krb5_princ_size)