URL: https://github.com/SSSD/sssd/pull/5464 Author: sumit-bose Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin Action: opened
PR body: """ None """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5464/head:pr5464 git checkout pr5464
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
sumit-bose commented: """
The fix will work until we release 1.20, and then you'll have to change it again. I suggest only checking a minimum version until it's known that there is a maximum one.
Hi,
jfyi, the check was added to make sure there are no changes in `authdata_plugin.h`, which afaik is still not a public interface, in a new version of MIT Kerberos. SSSD implements this plugin so that the PAC is send to SSSD to be able to derive the group-memberships of the user from the PAC. For this we have the information from `authdata_plugin.h` in SSSD's tree. So the maximum version is always the latest major release.
Originally I was told that the interface is not stable enough to make to public, but since this was years ago and the interface didn't change it might be worth to open a ticket and ask again.
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/5464#issuecomment-762964638
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
frozencemetery commented: """ Understood, but... right now all that happens is sssd fails to build until someone goes and looks. I can try to remember that you're doing this, but that's best-effort :)
I don't believe our position on this has changed upstream, especially since PAC processing is being reconsidered right now. """
See the full comment at https://github.com/SSSD/sssd/pull/5464#issuecomment-763080957
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
alexey-tikhonov commented: """
Understood, but... right now all that happens is sssd fails to build until someone goes and looks.
But this gives us an opportunity to check if new krb5 version didn't change anything in this respect, right? IIUC, otherwise we risk it builds, but fails in some obscure way? """
See the full comment at https://github.com/SSSD/sssd/pull/5464#issuecomment-764578608
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
sumit-bose commented: """
Understood, but... right now all that happens is sssd fails to build until someone goes and looks.
But this gives us an opportunity to check if new krb5 version didn't change anything in this respect, right? IIUC, otherwise we risk it builds, but fails in some obscure way?
Yes, seeing and fixing the build error is quite easy while running into an issue at runtime because the interface changed might be hard to debug.
bye, Sumit
"""
See the full comment at https://github.com/SSSD/sssd/pull/5464#issuecomment-764640242
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
alexey-tikhonov commented: """ @frozencemetery , are you still strongly opposite? """
See the full comment at https://github.com/SSSD/sssd/pull/5464#issuecomment-764854452
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
alexey-tikhonov commented: """ Hi @frozencemetery, are you still opposite? """
See the full comment at https://github.com/SSSD/sssd/pull/5464#issuecomment-764854452
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
frozencemetery commented: """ Thanks for checking. It was not my intent to indicate strong opposition, merely to raise the question. It sounds like SSSD is fine with this intentional breakage, so as long as I'm not getting the bugs about it, it's fine with me if you want to do that :) """
See the full comment at https://github.com/SSSD/sssd/pull/5464#issuecomment-764920576
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
frozencemetery commented: """ Thanks for checking. It was not my intent to indicate strong opposition, merely to raise the question. It sounds like SSSD is fine with this intentional breakage, so as long as I'm not getting the bugs about it, it's fine with me if you want to do it this way :) """
See the full comment at https://github.com/SSSD/sssd/pull/5464#issuecomment-764920576
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
alexey-tikhonov commented: """ Ok. ACK. """
See the full comment at https://github.com/SSSD/sssd/pull/5464#issuecomment-764943634
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
Label: +Ready to push
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
pbrezina commented: """ Pushed PR: https://github.com/SSSD/sssd/pull/5464
* `master` * e7fb88fc6ffd1373a752ceada30d20eddc00a435 - BUILD: Accept krb5 1.19 for building the PAC plugin
"""
See the full comment at https://github.com/SSSD/sssd/pull/5464#issuecomment-765350226
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
Label: +Pushed
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/5464 Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
Label: -Ready to push
URL: https://github.com/SSSD/sssd/pull/5464 Author: sumit-bose Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5464/head:pr5464 git checkout pr5464
sssd-devel@lists.fedorahosted.org
-
alexey-tikhonov -
frozencemetery
-
pbrezina
-
sumit-bose