Re: [SSSD] [PATCH] Allow new option to specify principal for FAST

Stephen Gallagher wrote: > On 03/30/2011 08:44 AM, Stephen Gallagher wrote: > > On 03/29/2011 09:23 AM, Jan Zelený wrote: > >> Stephen Gallagher wrote: > >>> On 03/29/2011 03:53 AM, Jan Zelený wrote: > I'm not entirely sure if I got the feature request right but in case I > didn't I hav

Re: [SSSD] [PATCH] Select principal for GSSAPI authentication

Stephen Gallagher wrote: > If SDAP_SASL_AUTHID is specified, then ONLY this auth ID is allowable. > If the keytab doesn't contain it, we need to fail. > > If SDAP_SASL_REALM is specified, then only the REALM portion is > mandatory (if we have no entries for this realm in the keytab, we need > to

Re: [SSSD] [PATCH] Fall back to cn if gecos is not available

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/30/2011 04:47 AM, Jan Zelený wrote: > Stephen Gallagher wrote: >> We were not fully compliant with section 5.3 of RFC 2307 which >> states: >> >>An account's GECOS field is preferably determined by a value of the >>gecos attribute. If no

Re: [SSSD] [PATCH] Allow new option to specify principal for FAST

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/30/2011 08:44 AM, Stephen Gallagher wrote: > On 03/29/2011 09:23 AM, Jan Zelený wrote: >> Stephen Gallagher wrote: >>> On 03/29/2011 03:53 AM, Jan Zelený wrote: I'm not entirely sure if I got the feature request right but in case I did

Re: [SSSD] [PATCH] Allow new option to specify principal for FAST

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/29/2011 09:23 AM, Jan Zelený wrote: > Stephen Gallagher wrote: >> On 03/29/2011 03:53 AM, Jan Zelený wrote: >>> I'm not entirely sure if I got the feature request right but in case I >>> didn't I have already another patch prepared. >>> >>> http

Re: [SSSD] [PATCH] Select principal for GSSAPI authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/30/2011 04:07 AM, Jan Zelený wrote: > Hi, > I'm sending corrected patches. All your suggestions and objections have been > addressed except maybe for this: > >> If the SDAP_SASL_AUTHID has been explicitly set, but the SDAP_SASL_REALM >> hasn't,

Re: [SSSD] [PATCH] Fall back to cn if gecos is not available

Stephen Gallagher wrote: > We were not fully compliant with section 5.3 of RFC 2307 which > states: > >An account's GECOS field is preferably determined by a value of the >gecos attribute. If no gecos attribute exists, the value of the cn >attribute MUST be used. (The existence of the

Re: [SSSD] [PATCH] Select principal for GSSAPI authentication

Hi, I'm sending corrected patches. All your suggestions and objections have been addressed except maybe for this: > If the SDAP_SASL_AUTHID has been explicitly set, but the SDAP_SASL_REALM > hasn't, why are you overriding SDAP_SASL_AUTHID with > select_principal_from_keytab()? I agree with you t