ipa-pwd-extop: expand error message to tell what user is not allowed to fetch keytab

When retrieving keytab, it is useful to know what user was attempting to fetch the keyts and failed. This is useful to debug one-way trust where SSSD forks out a process of ipa-getkeytab and it might be using a wrong credentials cache for authentication purposes. Part of https://fedorahosted.org/freeipa/ticket/4959 Reviewed-By: Tomas Babej <tbabej@redhat.com>
2025-01-26 16:16:31 -06:00 · 2015-06-05 15:31:32 +00:00 · 2015-06-05 15:31:32 +00:00 · a9570e8ea3
commit a9570e8ea3
parent d5aa1ee04e
1 changed files with 2 additions and 2 deletions
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@ -1612,8 +1612,8 @@ static int ipapwd_getkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
                                           READKEYS_OP_CHECK, NULL,
                                           SLAPI_ACL_READ);
        if (!acl_ok) {
-            LOG_FATAL("Not allowed to retrieve keytab on [%s]!\n",
-                      service_name);
+            LOG_FATAL("Not allowed to retrieve keytab on [%s] as user [%s]!\n",
+                      service_name, bind_dn);
            err_msg = "Insufficient access rights\n";
            rc = LDAP_INSUFFICIENT_ACCESS;
            goto free_and_return;