On Mon, 2017-07-10 at 16:04 +0200, Jakub Hrozek wrote:
> On Tue, Jul 04, 2017 at 12:38:46AM +0300, Timo Aaltonen wrote:
> > On 31.05.2017 10:53, Jakub Hrozek wrote:
> > > On Wed, May 31, 2017 at 08:19:56AM +1000, Lachlan Musicman wrote:
> > > > Hi all,
> > > >
> > > > I noticed a while ago that 1.15.3 was versioned in the repo but I've not
> > > > seen anything released? I'm mostly looking on the COPR
> > > > (
> > > > https://pagure.io/SSSD/sssd/c/012ee7c3fe24a5e75d9b0465268c1bb8187b8337?branch=master
> > > > )
> > > >
> > > > This is purely selfish - I love all that you do, and I'm aware that
> > > > there
> > > > has been some fairly comprehensive infrastructural change.
> > > >
> > > > I'm just waiting on that one fix and have no roadmap visibility :)
> > >
> > > Sorry, I agree our roadmap is not entirely clear.
> > >
> > > 1.15.3 will be released during June, most fixes planned for that release
> > > are either in or being reviewed.
> > Freeipa 4.5.2 depends on a feature not available in 1.15.2, which feels
> > a bit backwards as it's a point-release which I think should not depend
> > on a not-yet-released features..
> You are right and I didn't realize that there was this dependency.
> The current status of 1.15.3 release is that we need to fix:
> https://pagure.io/SSSD/sssd/issue/3441 - secondary group membership
> resolution of AD user fails if user information from other trusted
> domain is fetched first - this is a regression I would really not
> like to see in a release
> Currently the 1.15.3 milestone also contains
> https://pagure.io/SSSD/sssd/issue/3420 which is quite important but I
> wouldn't hold the release over this bug and
> https://pagure.io/SSSD/sssd/issue/3406 which is also a regression, but
> at the same time a bit of a corner case, so I'd be personally fine with
> moving this to 1.15.4..
Not a corner case here, every suspend over night causes it.
The fix is so simple I am surprised you haven't done it yet, just
revert the KRB5KRB_AP_ERR_TKT_EXPIRED part of the offending commit.
That part was not not needed anyway as far as I can tell.
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org