summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2011-06-17 13:47:14 +1000
committerAndrew Tridgell <tridge@samba.org>2011-06-17 15:24:23 +1000
commite080ae0faa2556825189f82fa61a7ff5f249dbc5 (patch)
tree2f30993c0cf36217fa2ca709780bfd2105b2f0e8
parent705ed1c4921a1456ebcf80ac352567679ab7dfa9 (diff)
downloadsamba-e080ae0faa2556825189f82fa61a7ff5f249dbc5.tar.gz
samba-e080ae0faa2556825189f82fa61a7ff5f249dbc5.tar.bz2
samba-e080ae0faa2556825189f82fa61a7ff5f249dbc5.zip
s4-auth: quiet down the krb5 warnings when kerberos is not set to 'MUST'
this prevents spurious error messages on client commands when when we will fallback to NTLM authentication Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/auth/credentials/credentials_krb5.c6
-rw-r--r--source4/auth/gensec/gensec.c2
2 files changed, 6 insertions, 2 deletions
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 26fa8099ab..6670f434d9 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -482,7 +482,11 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
ret = cli_credentials_get_ccache(cred, event_ctx, lp_ctx,
&ccache, error_string);
if (ret) {
- DEBUG(1, ("Failed to get CCACHE for GSSAPI client: %s\n", error_message(ret)));
+ if (cli_credentials_get_kerberos_state(cred) == CRED_MUST_USE_KERBEROS) {
+ DEBUG(1, ("Failed to get kerberos credentials (kerberos required): %s\n", error_message(ret)));
+ } else {
+ DEBUG(4, ("Failed to get kerberos credentials: %s\n", error_message(ret)));
+ }
return ret;
}
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index b91e790d3c..7e6a83d51f 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -639,7 +639,7 @@ static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security)
if (gensec_security->ops->client_start) {
status = gensec_security->ops->client_start(gensec_security);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(2, ("Failed to start GENSEC client mech %s: %s\n",
+ DEBUG(gensec_security->subcontext?4:2, ("Failed to start GENSEC client mech %s: %s\n",
gensec_security->ops->name, nt_errstr(status)));
}
return status;