On 2/25/16 2:08 AM, Michael Paquier wrote: > On Wed, Feb 24, 2016 at 7:12 PM, Robbie Harwood <rharw...@redhat.com> wrote: >> >> Not that I can immediately see. As long as the client and server are >> both patched, everything should work. My process is the same as with >> previous versions of this patchset [0], and though I'm using FreeIPA >> there is no reason it shouldn't work with any other KDC (MIT, for >> instance[1]) provided the IPA calls are converted. > > I used a custom krb5kdc set up manually, and all my connection > attempts are working on HEAD, not with your patch (both client and > server patched).
I've got the same setup with the same results. >> I am curious, though - I haven't changed any of the authentication code >> in v4/v5 from what's in ~master, so how often can you log in using >> GSSAPI using master? > > My guess is that there is something not been correctly cleaned up when > closing the connection. The first attempt worked for me, not after. I was able to get in again after a number of failed attempts, though the number varied. -- -David da...@pgmasters.net
signature.asc
Description: OpenPGP digital signature