I am using gssapi to create a Flask server that is protected by Kerberos authentication. I am wanting to debug some Kerberos errors I am seeing and hence I would like to turn on debug logging by means of the KRB5_TRACE environmental variable:
KRB5_TRACE=/dev/stdout
However, no logs are created, but they are created when I set that environmental variable and call kinit, meaning that my version of Kerberos supports this variable but it's just python-gssapi that isn't respecting that variable.
In the documentation linked to above, it states:
Some programs do not honor KRB5_TRACE, ... because they use secure library contexts
When I look at the Kerberos documentation for the library call to make a secure context, krb5_init_secure_context(), I see this statement:
Create a context structure, using only system configuration files. All information passed through the environment variables is ignored.
It sounds like gssapi may be somehow making a call to krb5_init_secure_context() and hence the trace logging configuration is being ignored.
Is there a way of turning on debug logging using gssapi? If gssapi is indeed creating a secure context, is there any way of turning on logging inside that context?
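One way to test the hypothesis in the question, as an added example that is not part of the original post or of python-gssapi: run a minimal gssapi call in a fresh interpreter with KRB5_TRACE pointing at a temporary regular file instead of /dev/stdout, so that "the library ignored the variable" can be told apart from "the output went somewhere the server did not show". The function name `probe_trace` and the child snippet are assumptions made for this illustration.

```python
import os
import subprocess
import sys
import tempfile

# Child snippet (assumption: python-gssapi is importable as "gssapi").
# Acquiring default initiator credentials makes the krb5 mechanism set up
# its library context; a GSSError (for example, no ticket cache) is fine here.
GSSAPI_CHILD = """
import gssapi
import gssapi.exceptions
try:
    gssapi.Credentials(usage="initiate")
except gssapi.exceptions.GSSError:
    pass
"""


def probe_trace(child_code=GSSAPI_CHILD):
    """Run child_code in a new interpreter with KRB5_TRACE set to a temp file.

    Returns:
      "traced" - the file received output, so the variable was honored
      "silent" - the child ran cleanly but nothing was written
      "failed" - the child exited non-zero (for example, gssapi not installed)
    """
    fd, trace_path = tempfile.mkstemp(prefix="krb5_trace_")
    os.close(fd)
    try:
        # Set the variable in the child's environment before it starts, so
        # it is already present when the Kerberos library is loaded.
        env = dict(os.environ, KRB5_TRACE=trace_path)
        proc = subprocess.run([sys.executable, "-c", child_code], env=env,
                              capture_output=True, text=True, timeout=60)
        if proc.returncode != 0:
            return "failed"
        return "traced" if os.path.getsize(trace_path) > 0 else "silent"
    finally:
        os.unlink(trace_path)


if __name__ == "__main__":
    print(probe_trace())
```

A "traced" result from the bare snippet alongside silence from the Flask server points at how the server process is started or where its stdout goes; "silent" here is consistent with the secure-context explanation.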