aklog: attempt to warn about needed weak crypto switch for Lion

Lion's Kerberos is rather unfortunate. deal with the multitude of
missing functionalities by hardcoding this case here.

Reviewed-on: http://gerrit.openafs.org/5240
Tested-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
(cherry picked from commit 145a8490c761a0ebf7b3a1cc3017bbe8635f8014)

Change-Id: I0efe2ee18e36f0531de8261e5f032df7de3d7333
Reviewed-on: http://gerrit.openafs.org/5252
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>

diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index 0999003a0f4ec3356edb32bfc4373fe98d01dd6a..9c88e69ea3d9f8f84a65c2d193216e698f21ea06 100644 (file)
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -339,6 +339,10 @@ redirect_errors(const char *who, afs_int32 code, const char *fmt, va_list ap)
            krb5_svc_get_msg(code,&str);
 #elif defined(HAVE_ERROR_MESSAGE)
            str = error_message(code);
+#elif defined(KRB5_PROG_ETYPE_NOSUPP) && !(defined(HAVE_KRB5_ENCTYPE_ENABLE) || defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO))
+           /* Lion gives us nothing to hook here and no weak crypto switch */
+           if (code == KRB5_PROG_ETYPE_NOSUPP)
+               str = "encryption type not supported; \"allow_weak_crypto = true\" needed in Kerberos configuration";
 #else
            ; /* IRIX apparently has neither: use the string we have */
 #endif