subject:"\[SSSD\] \[sssd PR#15\] Avoid returning System Error on clock skew \(comment\)"

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

2016-09-13 Thread lslebodn

lslebodn commented on a pull request

"""
On (13/09/16 06:07), sumit-bose wrote:
>I think it is still an ACK.
>
master:
* d3348f49260998880bb7cd3b2fb72d562b1b7a64

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/15#issuecomment-246680797
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

2016-09-13 Thread sumit-bose

sumit-bose commented on a pull request

"""
I think it is still an ACK.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/15#issuecomment-246674999
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

2016-09-13 Thread lslebodn

lslebodn commented on a pull request

"""
On (07/09/16 10:13), Jakub Hrozek wrote:
>On Tue, Sep 06, 2016 at 06:09:58AM -0700, Jakub Hrozek wrote:
>> good idea
>
>ah, only when I started to implement this I realized it's already done :)
>
>See:
>
> https://github.com/SSSD/sssd/blob/master/src/providers/krb5/krb5_child.c#L1364
>in the current master, KRB5_CHILD_DEBUG() expands into sss_log() as well
>unconditionally.
>
Does it mean that the latest version of patch is Accepted?
Or what is a state of this patch?

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/15#issuecomment-246661975
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

2016-09-07 Thread jhrozek

jhrozek commented on a pull request

"""
On Tue, Sep 06, 2016 at 06:09:58AM -0700, Jakub Hrozek wrote:
> good idea

ah, only when I started to implement this I realized it's already done :)

See:

https://github.com/SSSD/sssd/blob/master/src/providers/krb5/krb5_child.c#L1364
in the current master, KRB5_CHILD_DEBUG() expands into sss_log() as well
unconditionally.

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/15#issuecomment-245351855
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

2016-09-06 Thread jhrozek

jhrozek commented on a pull request

"""
good idea
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/15#issuecomment-244944667
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

2016-09-06 Thread sumit-bose

sumit-bose commented on a pull request

"""
On Tue, Sep 06, 2016 at 04:51:26AM -0700, Jakub Hrozek wrote:
> Thanks for the ack, I would also like to ask @sumit-bose if he agrees with 
> the change.

Since we already handle other clock skew related error codes the same
way I think it is ok. But I wonder if a clock-skew is something which
qualifies for a syslog messages to make the admin aware that there is
something which needs fixing?

> 
> -- 
> You are receiving this because you were mentioned.
> Reply to this email directly or view it on GitHub:
> https://github.com/SSSD/sssd/pull/15#issuecomment-244927163

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/15#issuecomment-244943779
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

2016-09-06 Thread sumit-bose

sumit-bose commented on a pull request

"""
On Tue, Sep 06, 2016 at 05:37:14AM -0700, Pavel Březina wrote:
> On 09/06/2016 02:21 PM, Jakub Hrozek wrote:
> > On Tue, Sep 06, 2016 at 05:10:07AM -0700, Pavel Březina wrote:
> >  > On 09/06/2016 01:51 PM, Jakub Hrozek wrote:
> >  > > Thanks for the ack, I would also like to ask @sumit-bose
> >  > >  if he agrees with the change.
> >  >
> >  > Btw since clock skew is not fatal anymore, is it possible for us to
> >  > actually perform online authentication?
> >
> > The TGT times are generated on the server and the error usually happens
> > only when the client attempts to use the TGT for something like FAST
> > tunnel establishment or TGT validation. See Sumit's reply here:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1373427#c4
> >
> > (that's why I wanted him to confirm this is a good idea)
> 
> AFAIK kinit's magic applies clock skew to the timestamp in the ticket 
> and compares times within the client's range. I'm just asking if there 
> is something similar we can do in SSSD:

iirc this magic is applied to the timestamps used in the "default"
pre-authentication method where encrypted timestamps are send around.
This does not related to the timestamps in the tickets.

> 
> 
> 
> -- 
> You are receiving this because you were mentioned.
> Reply to this email directly or view it on GitHub:
> https://github.com/SSSD/sssd/pull/15#issuecomment-244936798

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/15#issuecomment-244943023
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

2016-09-06 Thread pbrezina

pbrezina commented on a pull request

"""
On 09/06/2016 02:21 PM, Jakub Hrozek wrote:
> On Tue, Sep 06, 2016 at 05:10:07AM -0700, Pavel Březina wrote:
>  > On 09/06/2016 01:51 PM, Jakub Hrozek wrote:
>  > > Thanks for the ack, I would also like to ask @sumit-bose
>  > >  if he agrees with the change.
>  >
>  > Btw since clock skew is not fatal anymore, is it possible for us to
>  > actually perform online authentication?
>
> The TGT times are generated on the server and the error usually happens
> only when the client attempts to use the TGT for something like FAST
> tunnel establishment or TGT validation. See Sumit's reply here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1373427#c4
>
> (that's why I wanted him to confirm this is a good idea)

AFAIK kinit's magic applies clock skew to the timestamp in the ticket 
and compares times within the client's range. I'm just asking if there 
is something similar we can do in SSSD:


"""

See the full comment at 
https://github.com/SSSD/sssd/pull/15#issuecomment-244936798
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

2016-09-06 Thread jhrozek

jhrozek commented on a pull request

"""
On Tue, Sep 06, 2016 at 05:10:07AM -0700, Pavel Březina wrote:
> On 09/06/2016 01:51 PM, Jakub Hrozek wrote:
> > Thanks for the ack, I would also like to ask @sumit-bose
> >  if he agrees with the change.
> 
> Btw since clock skew is not fatal anymore, is it possible for us to 
> actually perform online authentication?

The TGT times are generated on the server and the error usually happens
only when the client attempts to use the TGT for something like FAST
tunnel establishment or TGT validation. See Sumit's reply here:
https://bugzilla.redhat.com/show_bug.cgi?id=1373427#c4

(that's why I wanted him to confirm this is a good idea)

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/15#issuecomment-244933263
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

2016-09-06 Thread pbrezina

pbrezina commented on a pull request

"""
On 09/06/2016 01:51 PM, Jakub Hrozek wrote:
> Thanks for the ack, I would also like to ask @sumit-bose
>  if he agrees with the change.

Btw since clock skew is not fatal anymore, is it possible for us to 
actually perform online authentication?

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/15#issuecomment-244930861
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

2016-09-06 Thread jhrozek

jhrozek commented on a pull request

"""
Thanks for the ack, I would also like to ask @sumit-bose if he agrees with the 
change.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/15#issuecomment-244927163
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

[SSSD] [sssd PR#15] Avoid returning System Error on clock skew (comment)

11 matches

Site Navigation

Mail list logo

Footer information