URL: https://github.com/SSSD/sssd/pull/5450
Title: #5450: kcm: add support for kerberos tgt renewals
frozencemetery commented:
"""
> thanks for the effort. What would be your suggestion for the way forward? We
> can add a configure check if the new functions are alre
URL: https://github.com/SSSD/sssd/pull/5450
Title: #5450: kcm: add support for kerberos tgt renewals
frozencemetery commented:
"""
The krb5 PR has merged upstream. For convenience, I've backported the two
functions to Fedora rawhide starting in krb5-1.19-0.beta2.3.fc3
URL: https://github.com/SSSD/sssd/pull/5464
Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
frozencemetery commented:
"""
Thanks for checking. It was not my intent to indicate strong opposition,
merely to raise the question. It sounds like SSSD is
URL: https://github.com/SSSD/sssd/pull/5450
Title: #5450: kcm: add support for kerberos tgt renewals
frozencemetery commented:
"""
Hi, you've written "fixed" below several things, but the code isn't changed.
Are you missing a push?
"""
See
URL: https://github.com/SSSD/sssd/pull/5464
Title: #5464: BUILD: Accept krb5 1.19 for building the PAC plugin
frozencemetery commented:
"""
Understood, but... right now all that happens is sssd fails to build until
someone goes and looks. I can try to remember that you
URL: https://github.com/SSSD/sssd/pull/5450
Title: #5450: kcm: add support for kerberos tgt renewals
frozencemetery commented:
"""
(krb5 discussion PR: https://github.com/krb5/krb5/pull/1153 )
"""
See the full comment at
https://github.com/SSSD/sssd/pu
URL: https://github.com/SSSD/sssd/pull/5450
Title: #5450: kcm: add support for kerberos tgt renewals
frozencemetery commented:
"""
(I'll want to review this once it passes CI.)
"""
See the full comment at
https://github.com/SSSD/ss
URL: https://github.com/SSSD/sssd/pull/5407
Title: #5407: kcm: check socket path loaded from configuration
frozencemetery commented:
"""
Thanks!
"""
See the full comment at
https://github.com/SSSD/sssd/pull/5407#issuecomment-733217119
URL: https://github.com/SSSD/sssd/pull/5407
Title: #5407: kcm: check socket path loaded from configuration
frozencemetery commented:
"""
The idea behind failing fast is that it's very clear to the admin that it's
broken. But some projects don't like that :
URL: https://github.com/SSSD/sssd/pull/5407
Title: #5407: kcm: check socket path loaded from configuration
frozencemetery commented:
"""
(1) seems good - this is what krb5 does (minus the logging).
(2) seems bad. Admin configuration shouldn't be overridden. If it
URL: https://github.com/SSSD/sssd/pull/5367
Title: #5367: pam: add pam_sss_gss module for gssapi authentication
frozencemetery commented:
"""
> the patches are not yet ready to be reviewed again.
Okay, just ping me when you want another review and I'll take a look.
"
URL: https://github.com/SSSD/sssd/pull/5367
Title: #5367: pam: add pam_sss_gss module for gssapi authentication
frozencemetery commented:
"""
I have started review though this is large and will take a bit.
Though on that subject: this is a fairly sizable change, and I don
URL: https://github.com/SSSD/sssd/pull/5367
Title: #5367: pam: add pam_sss_gss module for gssapi authentication
frozencemetery commented:
"""
(I plan to review this once CI passes.)
"""
See the full comment at
https://github.com/SSSD/sssd/pu
URL: https://github.com/SSSD/sssd/pull/904
Title: #904: KCM: Set kdc_offset to zero initially
frozencemetery commented:
"""
Thanks for your patience while I was PTO.
In the abstract, I think that 0 makes a lot more sense as an "unset" value than
INT32_MAX :) rhbz#17
URL: https://github.com/SSSD/sssd/pull/883
Title: #883: Minor fixes to util/sss_krb5
frozencemetery commented:
"""
Yes, of course I object! You're claiming a double free; there's no double
free. You haven't found a security bug; you've found nothing a
URL: https://github.com/SSSD/sssd/pull/883
Title: #883: Minor fixes to util/sss_krb5
frozencemetery commented:
"""
I'm kind of confused that you think that, since we pretty clearly disagree: you
claim that you've found a double-free, and I'm telling you that
URL: https://github.com/SSSD/sssd/pull/838
Title: #838: FIPS140 compliant usage of PRNG
frozencemetery commented:
"""
In the FIPS case, you need to fail if RAND_bytes() fails; otherwise you're
noncompliant. If you want to use that in non-FIPS as well, I don't kn
URL: https://github.com/SSSD/sssd/pull/838
Title: #838: FIPS140 compliant usage of PRNG
frozencemetery commented:
"""
IMO, you should be using `getrandom()` (with no flags) in preference to srand,
or reading /dev/[u]random, etc. You're guaranteed to have getrandom from
URL: https://github.com/SSSD/sssd/pull/415
Title: #415: Revert "IPA: Only generate kdcinfo files on clients"
frozencemetery commented:
"""
Yeah, this is an alright workaround for now. I do plan to fix this misbehavior
in krb5, but you should do this in the meantime.
URL: https://github.com/SSSD/sssd/pull/214
Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
frozencemetery commented:
"""
@fidencio I don't know the codebase well enough to give ack, sorry (just to
complain about krb5 bits 😄).
"""
See the full
URL: https://github.com/SSSD/sssd/pull/214
Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
frozencemetery commented:
"""
@fidencio it looks like it's been addressed. Thanks for checking!
"""
See the full comment at
https://github.com/SSSD/s
URL: https://github.com/SSSD/sssd/pull/331
Title: #331: KCM: temporary increase hardcoded buffers
frozencemetery commented:
"""
Per @simo5's comments in the linked bug, tickets can easily reach 65k, so this
limit should maybe be higher.
"""
See the full
URL: https://github.com/SSSD/sssd/pull/214
Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
frozencemetery commented:
"""
I read the associated bug as suggesting doing this only when using AD, but this
patch does it unconditionally. I would prefer not doing this