On Thu, Aug 18, 2011 at 05:38:11PM +0200, Sumit Bose wrote: > On Thu, Aug 18, 2011 at 04:48:32PM +0200, Jan Zelený wrote: > > > On Wed, Aug 17, 2011 at 04:58:05PM +0200, Jakub Hrozek wrote: > > > > On Wed, Aug 17, 2011 at 01:15:31PM +0200, Jakub Hrozek wrote: > > > > > https://fedorahosted.org/sssd/ticket/924 started as a segfault ticket > > > > > but we could never reproduce the crash afterwards. > > > > > > > > > > As Sumit noted it might have been caused by setting the O_NONBLOCK > > > > > flag > > > > > twice. However, the changes Sumit proposed in the ticket still make > > > > > sense because they provide much cleaner solution. > > > > > > > > > > Attached are two patches: > > > > > > > > > > [PATCH 1/2] Provide means of forcing TLS and GSSAPI enabled/disabled > > > > > for sdap connections > > > > > > > > > > This will be used to force TLS on the auth connection only and allow > > > > > staying on GSSAPI-backed ID connection for the rest of the request. > > > > > > > > Self-nack on patch #1, it is not complete. I'll provide an updated > > > > version later. > > > > > > New patches attached. > > > > The patches look fine, but I didn't manage to set up environment to test > > the > > new behavior. Nothing seems to be broken though > > If you have a running IPA server you can remove the krbPrincipalKey > attribute from a user but keep userPassword. This should trigger sssd to > run the migration code if you try to log in as this user. > > HTH > > bye, > Sumit >
If that doesn't work for you, feel free to ping me off list and use my test environment. _______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
