On 09/22/2013 09:06 PM, Jakub Hrozek wrote:
Hi,
I was playing with different offline krb5 authentication ways today when
testing Sumit's patches and I don't think the offline authentication of
subdomain users was correct. Attached are two patches -- one is just a
better error code, the other actually makes the SSSD search for the
right user entry during krb5 offline auth.
To test the first one, pause of shutdown a trusted AD while remaining
connected to the root domain AD.
Ack.
You could also use state->sysdb directly and be consistent with rest of
the code in krb5_auth.c but...
We should decide whether to use state->domain->sysdb or state->sysdb and
be always consistent in future development. I'd prefer the first one,
since sysdb is very much bounded to a domain (now with subdomains more
than ever) and it makes it clear.
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
