-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://fedorahosted.org/sssd/ticket/691
In this version of patch, I only allowed the fallback in Kerberos where I also switched from TCP do UDP as the default search protocol.
On Thu, Nov 25, 2010 at 03:19:02PM +0100, Jakub Hrozek wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://fedorahosted.org/sssd/ticket/691
In this version of patch, I only allowed the fallback in Kerberos where I also switched from TCP do UDP as the default search protocol.
The code is working as expected. We might want to change it when other protocols as tcp and udp needs to be supported, because then it might not make sense to fallback back to all other supported protocols, but chances are that this will never happen.
But I think it is a good idea to document the changes in the man pages, too. Especially the behaviour of the krb5 provider where there is a fallback from udp to tcp and where the Kerberos library will always try udp first independent of the result of the DNS SRV lookup.
Please tell me if you do not have a chance to extend the man pages. Then I'll ACK the patch as it is and will add man page changes myself.
bye, Sumit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkzucFYACgkQHsardTLnvCUXuwCg08MoP8n+C4HZ7Ur0DTvjpAnF nJ0AnAsqw0PmyrHMyRfkAxj9mF5eEBpi =yxq5 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/26/2010 11:59 AM, Sumit Bose wrote:
On Thu, Nov 25, 2010 at 03:19:02PM +0100, Jakub Hrozek wrote: https://fedorahosted.org/sssd/ticket/691
In this version of patch, I only allowed the fallback in Kerberos where I also switched from TCP do UDP as the default search protocol.
The code is working as expected. We might want to change it when other protocols as tcp and udp needs to be supported, because then it might not make sense to fallback back to all other supported protocols, but chances are that this will never happen.
As discussed on IRC with Sumit, we are probably only going to use TCP and UDP anyway, so we're not going to over-engineer the solution.
But I think it is a good idea to document the changes in the man pages, too. Especially the behaviour of the krb5 provider where there is a fallback from udp to tcp and where the Kerberos library will always try udp first independent of the result of the DNS SRV lookup.
Done, new patch attached.
On Mon, Nov 29, 2010 at 11:29:39AM +0100, Jakub Hrozek wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/26/2010 11:59 AM, Sumit Bose wrote:
On Thu, Nov 25, 2010 at 03:19:02PM +0100, Jakub Hrozek wrote: https://fedorahosted.org/sssd/ticket/691
In this version of patch, I only allowed the fallback in Kerberos where I also switched from TCP do UDP as the default search protocol.
The code is working as expected. We might want to change it when other protocols as tcp and udp needs to be supported, because then it might not make sense to fallback back to all other supported protocols, but chances are that this will never happen.
As discussed on IRC with Sumit, we are probably only going to use TCP and UDP anyway, so we're not going to over-engineer the solution.
But I think it is a good idea to document the changes in the man pages, too. Especially the behaviour of the krb5 provider where there is a fallback from udp to tcp and where the Kerberos library will always try udp first independent of the result of the DNS SRV lookup.
Done, new patch attached. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkzzgJMACgkQHsardTLnvCXiWwCg4sM+d/QRaDvogtjSs9FUkq6w p/0An1P6SPttscZOk5hBf9duCfXHPcWN =L/dQ -----END PGP SIGNATURE-----
From d6e0b82aa01cf5bd017c48ed2fbf70d34ce6bc6f Mon Sep 17 00:00:00 2001 From: Jakub Hrozek jhrozek@redhat.com Date: Thu, 25 Nov 2010 11:08:37 +0100 Subject: [PATCH] Allow protocol fallback for SRV queries
https://fedorahosted.org/sssd/ticket/691
src/man/include/service_discovery.xml | 7 +++++++ src/man/sssd-krb5.5.xml | 5 +++++ src/man/sssd-ldap.5.xml | 5 +++++ src/providers/data_provider_fo.c | 25 ++++++++++++++++++++++--- src/providers/dp_backend.h | 10 ++++++++-- src/providers/fail_over.c | 4 ++-- src/providers/ipa/ipa_common.c | 2 +- src/providers/krb5/krb5_common.c | 2 +- src/providers/ldap/ldap_common.c | 5 ++--- 9 files changed, 53 insertions(+), 12 deletions(-)
diff --git a/src/man/include/service_discovery.xml b/src/man/include/service_discovery.xml index d33b4c2..8a98a6b 100644 --- a/src/man/include/service_discovery.xml +++ b/src/man/include/service_discovery.xml @@ -31,6 +31,13 @@ manual page for more defails. </para> </refsect2>
<refsect2 id='domain_name'>
this id is already used in the paragraph above.
bye, Sumit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/29/2010 12:07 PM, Sumit Bose wrote:
On Mon, Nov 29, 2010 at 11:29:39AM +0100, Jakub Hrozek wrote: On 11/26/2010 11:59 AM, Sumit Bose wrote:
On Thu, Nov 25, 2010 at 03:19:02PM +0100, Jakub Hrozek wrote: https://fedorahosted.org/sssd/ticket/691
In this version of patch, I only allowed the fallback in Kerberos where I also switched from TCP do UDP as the default search protocol.
The code is working as expected. We might want to change it when other protocols as tcp and udp needs to be supported, because then it might not make sense to fallback back to all other supported protocols, but chances are that this will never happen.
As discussed on IRC with Sumit, we are probably only going to use TCP and UDP anyway, so we're not going to over-engineer the solution.
But I think it is a good idea to document the changes in the man pages, too. Especially the behaviour of the krb5 provider where there is a fallback from udp to tcp and where the Kerberos library will always try udp first independent of the result of the DNS SRV lookup.
Done, new patch attached.
diff --git a/src/man/include/service_discovery.xml b/src/man/include/service_discovery.xml index d33b4c2..8a98a6b 100644 - --- a/src/man/include/service_discovery.xml +++ b/src/man/include/service_discovery.xml @@ -31,6 +31,13 @@ manual page for more defails. </para> </refsect2> + <refsect2 id='domain_name'>
this id is already used in the paragraph above.
Thanks for the review, please see the attached patch.
On Tue, Nov 30, 2010 at 07:38:13AM +0100, Jakub Hrozek wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/29/2010 12:07 PM, Sumit Bose wrote:
On Mon, Nov 29, 2010 at 11:29:39AM +0100, Jakub Hrozek wrote: On 11/26/2010 11:59 AM, Sumit Bose wrote:
On Thu, Nov 25, 2010 at 03:19:02PM +0100, Jakub Hrozek wrote: https://fedorahosted.org/sssd/ticket/691
In this version of patch, I only allowed the fallback in Kerberos where I also switched from TCP do UDP as the default search protocol.
The code is working as expected. We might want to change it when other protocols as tcp and udp needs to be supported, because then it might not make sense to fallback back to all other supported protocols, but chances are that this will never happen.
As discussed on IRC with Sumit, we are probably only going to use TCP and UDP anyway, so we're not going to over-engineer the solution.
But I think it is a good idea to document the changes in the man pages, too. Especially the behaviour of the krb5 provider where there is a fallback from udp to tcp and where the Kerberos library will always try udp first independent of the result of the DNS SRV lookup.
Done, new patch attached.
diff --git a/src/man/include/service_discovery.xml b/src/man/include/service_discovery.xml index d33b4c2..8a98a6b 100644
- --- a/src/man/include/service_discovery.xml
+++ b/src/man/include/service_discovery.xml @@ -31,6 +31,13 @@ manual page for more defails. </para> </refsect2>
<refsect2 id='domain_name'>
this id is already used in the paragraph above.
Thanks for the review, please see the attached patch.
ACK
bye, Sumit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkz0m8IACgkQHsardTLnvCWhUgCfS4VGje6DyOv5P9f9XTIKlAKk e+wAnRjeLiUuq0LDRWgPisjzoMoL7BJX =MKcH -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/30/2010 05:19 AM, Sumit Bose wrote:
On Tue, Nov 30, 2010 at 07:38:13AM +0100, Jakub Hrozek wrote:
Thanks for the review, please see the attached patch.
ACK
Pushed to master.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
sssd-devel@lists.fedorahosted.org
-
Jakub Hrozek -
Stephen Gallagher -
Sumit Bose