On Thu, 2013-07-18 at 18:37 +0300, Alexander Bokovoy wrote: > Hi! > > Attached patches make possible to use HTTP/ipa.server@REALM to query AD > DC over LDAP immediately after trust is established. We need this to get > range discovery working prior to creating range for trusted domain. > > The patch 0109 makes KDC hostname cached on ipadb context to avoid > resolving own hostname multiple times. > > The patch 0110 depends on ulc_casemap patches by Nathaniel and makes > exception for HTTP/ipa.server@REALM when TGT is requested and MS-PAC is > asked for -- we force refreshing list of trusted domains here. > > More details are available in the commit logs.
I do not think that changing reinit interval is the right thing to do. I would rather pass a boolean that tells reinit to check if we have any trust info, and if not unconditionally try to reinit immediately. I see that you treat the interval sort of like a boolean but then you just race hoping the previous reload w/o trust info happened more than 1 second earlier. I think and explicit "bool force_reload" flag would be much clearer. Otherwise ack. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
