Wireshark-dev: [Wireshark-dev] somewhat misleading error messages in -K option processing
From: "Jonathan Schilling" <[email protected]>
Date: Fri, 19 Feb 2010 10:22:07 -0500
[Resending, since this has not shown up on the archive]

In epan/dissectors/packet-kerberos.c, there is this code in a couple of
places for beginning the -K keytab-file processing:

        /* should use a file in the wireshark users dir */
        ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
        if(ret){
                fprintf(stderr, "KERBEROS ERROR: Could not open keytab file
:%s\n",filename);

                return;
        }

        ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
        if(ret){
                fprintf(stderr, "KERBEROS ERROR: Could not read from keytab
file :%s\n",filename);
                return;
        }

The two error messages are a bit misleading.  Per the KRB5 API doc at
http://www.ncsa.illinois.edu/UserInfo/Resources/Software/kerberos/krb5api/kr
b5api4.html and elsewhere, krb5_kt_resolve() does *not* try to open the
keytab file, but rather just sees if the name is wrongly formatted.  So the
first message should be "Could not resolve keytab file ..."  If the keytab
filename is wrong, it will be detected in the call to
krb5_kt_start_seq_get().  So the second message should be something like
"Could not open or read from keytab file ...".

Thanks,

Jonathan Schilling