On (10/07/17 14:49), Joakim Tjernlund wrote: >On Mon, 2017-07-10 at 16:04 +0200, Jakub Hrozek wrote: >> On Tue, Jul 04, 2017 at 12:38:46AM +0300, Timo Aaltonen wrote: >> > On 31.05.2017 10:53, Jakub Hrozek wrote: >> > > On Wed, May 31, 2017 at 08:19:56AM +1000, Lachlan Musicman wrote: >> > > > Hi all, >> > > > >> > > > I noticed a while ago that 1.15.3 was versioned in the repo but I've >> > > > not >> > > > seen anything released? I'm mostly looking on the COPR >> > > > ( >> > > > https://pagure.io/SSSD/sssd/c/012ee7c3fe24a5e75d9b0465268c1bb8187b8337?branch=master >> > > > ) >> > > > >> > > > This is purely selfish - I love all that you do, and I'm aware that >> > > > there >> > > > has been some fairly comprehensive infrastructural change. >> > > > >> > > > I'm just waiting on that one fix and have no roadmap visibility :) >> > > >> > > Sorry, I agree our roadmap is not entirely clear. >> > > >> > > 1.15.3 will be released during June, most fixes planned for that release >> > > are either in or being reviewed. >> > >> > Freeipa 4.5.2 depends on a feature not available in 1.15.2, which feels >> > a bit backwards as it's a point-release which I think should not depend >> > on a not-yet-released features.. >> >> You are right and I didn't realize that there was this dependency. >> >> The current status of 1.15.3 release is that we need to fix: >> https://pagure.io/SSSD/sssd/issue/3441 - secondary group membership >> resolution of AD user fails if user information from other trusted >> domain is fetched first - this is a regression I would really not >> like to see in a release >> >> Currently the 1.15.3 milestone also contains >> https://pagure.io/SSSD/sssd/issue/3420 which is quite important but I >> wouldn't hold the release over this bug and >> https://pagure.io/SSSD/sssd/issue/3406 which is also a regression, but >> at the same time a bit of a corner case, so I'd be personally fine with >> moving this to 1.15.4.. > >Not a corner case here, every suspend over night causes it. > >The fix is so simple I am surprised you haven't done it yet, just >revert the KRB5KRB_AP_ERR_TKT_EXPIRED part of the offending commit. >That part was not not needed anyway as far as I can tell.
Reverting changes in krb5_child is not the simples thing. It can break many cases in sssd (OTP, migration, certificates ...) I do not want to say that it would be the same with commit d3348f49260998880bb7cd3b2fb72d562b1b7a64 But it requires proper review and testing. Feel free to provide a test + revert patch. It's open source world. LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
