On Thu, Aug 18, 2011 at 04:48:32PM +0200, Jan Zelený wrote: > > On Wed, Aug 17, 2011 at 04:58:05PM +0200, Jakub Hrozek wrote: > > > On Wed, Aug 17, 2011 at 01:15:31PM +0200, Jakub Hrozek wrote: > > > > https://fedorahosted.org/sssd/ticket/924 started as a segfault ticket > > > > but we could never reproduce the crash afterwards. > > > > > > > > As Sumit noted it might have been caused by setting the O_NONBLOCK flag > > > > twice. However, the changes Sumit proposed in the ticket still make > > > > sense because they provide much cleaner solution. > > > > > > > > Attached are two patches: > > > > > > > > [PATCH 1/2] Provide means of forcing TLS and GSSAPI enabled/disabled > > > > for sdap connections > > > > > > > > This will be used to force TLS on the auth connection only and allow > > > > staying on GSSAPI-backed ID connection for the rest of the request. > > > > > > Self-nack on patch #1, it is not complete. I'll provide an updated > > > version later. > > > > New patches attached. > > The patches look fine, but I didn't manage to set up environment to test the > new behavior. Nothing seems to be broken though
If you have a running IPA server you can remove the krbPrincipalKey attribute from a user but keep userPassword. This should trigger sssd to run the migration code if you try to log in as this user. HTH bye, Sumit > > Jan > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel