On Fri, Sep 27, 2013 at 12:51:26PM +0200, Jakub Hrozek wrote: > On Fri, Sep 27, 2013 at 12:35:57PM +0200, Pavel Březina wrote: > > On 09/22/2013 09:06 PM, Jakub Hrozek wrote: > > >Hi, > > > > > >I was playing with different offline krb5 authentication ways today when > > >testing Sumit's patches and I don't think the offline authentication of > > >subdomain users was correct. Attached are two patches -- one is just a > > >better error code, the other actually makes the SSSD search for the > > >right user entry during krb5 offline auth. > > > > > >To test the first one, pause of shutdown a trusted AD while remaining > > >connected to the root domain AD. > > > > Ack. > > > > You could also use state->sysdb directly and be consistent with rest > > of the code in krb5_auth.c but... > > > > We should decide whether to use state->domain->sysdb or state->sysdb > > and be always consistent in future development. I'd prefer the first > > one, since sysdb is very much bounded to a domain (now with > > subdomains more than ever) and it makes it clear. > > I was actually wondering whether the consumers of sss_domain_info need > access to the sysdb pointer at all. The sysdb pointer seems like > something that should only be consumed by the sysdb interface.
Thank you for the review, pushed to master and sssd-1-11 _______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
