Re: [SSSD] [PATCH] Fetch one-way trust keytabs on sssd restart again

On 08/12/2015 02:20 PM, Jakub Hrozek wrote: >On Fri, Aug 07, 2015 at 12:22:39PM +0200, Pavel Březina wrote: >>On 07/30/2015 09:52 PM, Jakub Hrozek wrote: >>>On Thu, Jul 30, 2015 at 09:46:11PM +0200, Jakub Hrozek wrote: >>>>Hi, >>>> >>>>the attached patches implement fetching the keytab for one-way trusts on >>>>each sssd restart. This is in order for admin to be able to call service >>>>sssd restart and have fresh keytabs in case the trust was re-established >>>>in the meantime. >>>> >>>>Even though retrieving the keytabs is quite expensive operation, >>>>restarting the sssd instance on the IPA server should be quite rare. >>> >>>Sorry, I shouldn't be sending patches before Coverity results arrive. >>>Attached version fixes error handling in the first patch and fixes an >>>unused variable in the second one. >> >>Hi, >>the code looks good. I just have an idea to move the talloc destructor that >>ensure the temporary file will get unlinked into sss_unique_file. >> >>We can provide a talloc context there and setup a destructor if requested. >>Something like: >> >>sss_unique_file(owner, file) >> if owner != NULL >> talloc_set_destructor > >Hi, > >please see the attached patches. Since the unique file code is not >totally trivial (even though tested) I will move using the >sss_unique_file() interface in other sssd code into a different patchset >-- I would like to apply these patches to downstream and changing the >mkstemp() calls might be too risky there. > Ack.