From 145a8490c761a0ebf7b3a1cc3017bbe8635f8014 Mon Sep 17 00:00:00 2001
From: Derrick Brashear <shadow@dementia.org>
Date: Fri, 12 Aug 2011 16:54:03 -0400
Subject: [PATCH] aklog: attempt to warn about needed weak crypto switch for
 Lion

Lion's Kerberos is rather unfortunate. deal with the multitude of
missing functionalities by hardcoding this case here.

Change-Id: I95f9136cecb476f70fe694847a518eabd2d1ef44
Reviewed-on: http://gerrit.openafs.org/5240
Tested-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
---
 src/aklog/aklog.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index c437599ce..2a744d2e6 100644
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -313,6 +313,10 @@ redirect_errors(const char *who, afs_int32 code, const char *fmt, va_list ap)
 	    krb5_svc_get_msg(code,&str);
 #elif defined(HAVE_ERROR_MESSAGE)
 	    str = error_message(code);
+#elif defined(KRB5_PROG_ETYPE_NOSUPP) && !(defined(HAVE_KRB5_ENCTYPE_ENABLE) || defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO))
+	    /* Lion gives us nothing to hook here and no weak crypto switch */
+	    if (code == KRB5_PROG_ETYPE_NOSUPP)
+		str = "encryption type not supported; \"allow_weak_crypto = true\" needed in Kerberos configuration";
 #else
 	    ; /* IRIX apparently has neither: use the string we have */
 #endif
-- 
2.39.5