aklog: attempt to warn about needed weak crypto switch for Lion

Lion's Kerberos is rather unfortunate. deal with the multitude of
missing functionalities by hardcoding this case here.

Change-Id: I95f9136cecb476f70fe694847a518eabd2d1ef44
Reviewed-on: http://gerrit.openafs.org/5240
Tested-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>

diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index c437599..2a744d2 100644 (file)
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -313,6 +313,10 @@ redirect_errors(const char *who, afs_int32 code, const char *fmt, va_list ap)
            krb5_svc_get_msg(code,&str);
 #elif defined(HAVE_ERROR_MESSAGE)
            str = error_message(code);
+#elif defined(KRB5_PROG_ETYPE_NOSUPP) && !(defined(HAVE_KRB5_ENCTYPE_ENABLE) || defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO))
+           /* Lion gives us nothing to hook here and no weak crypto switch */
+           if (code == KRB5_PROG_ETYPE_NOSUPP)
+               str = "encryption type not supported; \"allow_weak_crypto = true\" needed in Kerberos configuration";
 #else
            ; /* IRIX apparently has neither: use the string we have */
 #endif