-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/26/2010 11:59 AM, Sumit Bose wrote: > On Thu, Nov 25, 2010 at 03:19:02PM +0100, Jakub Hrozek wrote: > https://fedorahosted.org/sssd/ticket/691 > > In this version of patch, I only allowed the fallback in Kerberos where > I also switched from TCP do UDP as the default search protocol. > >> The code is working as expected. We might want to change it when other >> protocols as tcp and udp needs to be supported, because then it might >> not make sense to fallback back to all other supported protocols, but >> chances are that this will never happen. > As discussed on IRC with Sumit, we are probably only going to use TCP and UDP anyway, so we're not going to over-engineer the solution. >> But I think it is a good idea to document the changes in the man pages, >> too. Especially the behaviour of the krb5 provider where there is a >> fallback from udp to tcp and where the Kerberos library will always try >> udp first independent of the result of the DNS SRV lookup. > Done, new patch attached.

From d6e0b82aa01cf5bd017c48ed2fbf70d34ce6bc6f Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhrozek(a)redhat.com&gt; Date: Thu, 25 Nov 2010 11:08:37 +0100 Subject: [PATCH] Allow protocol fallback for SRV queries https://fedorahosted.org/sssd/ticket/691 --- src/man/include/service_discovery.xml | 7 +++++++ src/man/sssd-krb5.5.xml | 5 +++++ src/man/sssd-ldap.5.xml | 5 +++++ src/providers/data_provider_fo.c | 25 ++++++++++++++++++++++--- src/providers/dp_backend.h | 10 ++++++++-- src/providers/fail_over.c | 4 ++-- src/providers/ipa/ipa_common.c | 2 +- src/providers/krb5/krb5_common.c | 2 +- src/providers/ldap/ldap_common.c | 5 ++--- 9 files changed, 53 insertions(+), 12 deletions(-) diff --git a/src/man/include/service_discovery.xml b/src/man/include/service_discovery.xml index d33b4c2..8a98a6b 100644 --- a/src/man/include/service_discovery.xml +++ b/src/man/include/service_discovery.xml @@ -31,6 +31,13 @@ manual page for more defails. </para> </refsect2> + <refsect2 id='domain_name'>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/29/2010 12:07 PM, Sumit Bose wrote: > On Mon, Nov 29, 2010 at 11:29:39AM +0100, Jakub Hrozek wrote: > On 11/26/2010 11:59 AM, Sumit Bose wrote: >>>> On Thu, Nov 25, 2010 at 03:19:02PM +0100, Jakub Hrozek wrote: >>>> https://fedorahosted.org/sssd/ticket/691 >>>> >>>> In this version of patch, I only allowed the fallback in Kerberos where >>>> I also switched from TCP do UDP as the default search protocol. >>>> >>>>> The code is working as expected. We might want to change it when other >>>>> protocols as tcp and udp needs to be supported, because then it might >>>>> not make sense to fallback back to all other supported protocols, but >>>>> chances are that this will never happen. >>>> > > As discussed on IRC with Sumit, we are probably only going to use TCP > and UDP anyway, so we're not going to over-engineer the solution. > >>>>> But I think it is a good idea to document the changes in the man pages, >>>>> too. Especially the behaviour of the krb5 provider where there is a >>>>> fallback from udp to tcp and where the Kerberos library will always try >>>>> udp first independent of the result of the DNS SRV lookup. >>>> > > Done, new patch attached. diff --git a/src/man/include/service_discovery.xml b/src/man/include/service_discovery.xml index d33b4c2..8a98a6b 100644 - --- a/src/man/include/service_discovery.xml +++ b/src/man/include/service_discovery.xml @@ -31,6 +31,13 @@ manual page for more defails. </para> </refsect2> + <refsect2 id='domain_name'> > this id is already used in the paragraph above. Thanks for the review, please see the attached patch.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkz0m8IACgkQHsardTLnvCWhUgCfS4VGje6DyOv5P9f9XTIKlAKk e+wAnRjeLiUuq0LDRWgPisjzoMoL7BJX =MKcH -----END PGP SIGNATURE-----