-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Kerberos backend would previously try only the first server and if it was unreachable, it immediatelly went offline.
This patch was rebased on top of Sumit's tevent_req rewrite of krb_auth.c on the sssd-1-2 branch.
It also handles the case where the child times out and removes the special-casing of SSS_PAM_CHAUTHTOK in krb5_resolve_kdc_done(). The special casing didn't in fact have any effect as when using KDC for password changes we don't distinguish between the kdc and kpasswd service (they use the same "port" in terms of failover).
On Fri, Apr 30, 2010 at 05:36:27PM +0200, Jakub Hrozek wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Kerberos backend would previously try only the first server and if it was unreachable, it immediatelly went offline.
This patch was rebased on top of Sumit's tevent_req rewrite of krb_auth.c on the sssd-1-2 branch.
It also handles the case where the child times out and removes the special-casing of SSS_PAM_CHAUTHTOK in krb5_resolve_kdc_done(). The special casing didn't in fact have any effect as when using KDC for password changes we don't distinguish between the kdc and kpasswd service (they use the same "port" in terms of failover).
ACK.
bye, Sumit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkva+PoACgkQHsardTLnvCX0XACfWTfPs9OljR9jrQN5pnBB2rF8 BAsAoJTA/JOLnbmdldTo/3xZQgBRRs6D =inHf -----END PGP SIGNATURE-----
On 05/03/2010 05:53 AM, Sumit Bose wrote:
On Fri, Apr 30, 2010 at 05:36:27PM +0200, Jakub Hrozek wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Kerberos backend would previously try only the first server and if it was unreachable, it immediatelly went offline.
This patch was rebased on top of Sumit's tevent_req rewrite of krb_auth.c on the sssd-1-2 branch.
It also handles the case where the child times out and removes the special-casing of SSS_PAM_CHAUTHTOK in krb5_resolve_kdc_done(). The special casing didn't in fact have any effect as when using KDC for password changes we don't distinguish between the kdc and kpasswd service (they use the same "port" in terms of failover).
ACK.
Pushed to master and sssd-1-2
On 05/03/2010 01:54 PM, Stephen Gallagher wrote:
On 05/03/2010 05:53 AM, Sumit Bose wrote:
On Fri, Apr 30, 2010 at 05:36:27PM +0200, Jakub Hrozek wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Kerberos backend would previously try only the first server and if it was unreachable, it immediatelly went offline.
This patch was rebased on top of Sumit's tevent_req rewrite of krb_auth.c on the sssd-1-2 branch.
It also handles the case where the child times out and removes the special-casing of SSS_PAM_CHAUTHTOK in krb5_resolve_kdc_done(). The special casing didn't in fact have any effect as when using KDC for password changes we don't distinguish between the kdc and kpasswd service (they use the same "port" in terms of failover).
ACK.
Pushed to master and sssd-1-2
Correction, this was pushed only to sssd-1-2
sssd-devel@lists.fedorahosted.org
-
Jakub Hrozek -
Stephen Gallagher -
Sumit Bose