On Wed, Oct 02, 2013 at 04:37:57PM -0400, Simo Sorce wrote: > > > ----- Original Message ----- > > On 09/22/2013 09:06 PM, Jakub Hrozek wrote: > > > Hi, > > > > > > I was playing with different offline krb5 authentication ways today when > > > testing Sumit's patches and I don't think the offline authentication of > > > subdomain users was correct. Attached are two patches -- one is just a > > > better error code, the other actually makes the SSSD search for the > > > right user entry during krb5 offline auth. > > > > > > To test the first one, pause of shutdown a trusted AD while remaining > > > connected to the root domain AD. > > > > Ack. > > > > You could also use state->sysdb directly and be consistent with rest of > > the code in krb5_auth.c but... > > > > We should decide whether to use state->domain->sysdb or state->sysdb and > > be always consistent in future development. I'd prefer the first one, > > since sysdb is very much bounded to a domain (now with subdomains more > > than ever) and it makes it clear. > > +1 > > Not too long ago I went through a very painful set of patches to resolve > similar kind of issues all over the code, please do not reintroduce > inconsistencies, we do not want to go through and refactor all the code again > in a few months. > > Simo.
Did you also see my other reply? Would you agree with only even passing "sss_domain_info" and use the sysdb context inside sysdb modules? _______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
