On Sat, Dec 06, 2014 at 11:39:38PM +0100, Lukas Slebodnik wrote:
On (05/12/14 13:37), Sumit Bose wrote:
>Hi,
>
>with the copy_keytab patch I added a call to krb5_kt_have_content()
>which is only available in MIT Kerberos 1.11 and newer. This patch adds
>a wrapper call.
>
>bye,
>Sumit
>From 8ff83e6f82531f177fc6b9c10d0d218ec370c5e0 Mon Sep 17 00:00:00 2001
>From: Sumit Bose <sbose(a)redhat.com>
>Date: Fri, 5 Dec 2014 13:23:12 +0100
>Subject: [PATCH] krb5: add wrapper for krb5_kt_have_content()
>
>krb5_kt_have_content() was introduced in MIT Kerberos 1.11. For older
>platforms this patch adds sss_krb5_kt_have_content() as a wrapper.
>
>Resolves
https://fedorahosted.org/sssd/ticket/2518
>---
wrapper for older versions works fine with krb5-1.10
The implementation is almost the same as MIT implementation of
krb5_kt_have_content.
ACK
BTW
I'm not sure whether it is related to this patch, but there are failed test
for "null principal"
[domain/asasd]
//snip
krb5_use_fast = demand
krb5_fast_principal =
It was possible to authenticate with older version of sssd => *REGRESSION*
Another failed test use similar configuration
[domain/asasd]
//snip
krb5_use_fast = demand
krb5_fast_principal =
krb5_validate = true
Do you know if the tests you ran were using the same libini version as
the ones that were passing? If not, just please create a ticket.
Finally, the last failed test is regression test for ticket
https://fedorahosted.org/sssd/ticket/1288
This test failed because '/var/log/messages' does not contain '[default]'
This is a small bug because Linux's glibc handles NULL parameters, but
it's a bug nonetheless.
I would contest grepping the logs for [default], but using a NULL
pointer even for printf arguments doesn't sound like a good idea.