On Wed, Aug 01, 2012 at 04:08:54PM -0400, Simo Sorce wrote: > On Wed, 2012-08-01 at 21:38 +0200, Jakub Hrozek wrote: > > On Wed, Aug 01, 2012 at 03:21:33PM -0400, Simo Sorce wrote: > > > On Wed, 2012-08-01 at 21:09 +0200, Jakub Hrozek wrote: > > > > On Wed, Aug 01, 2012 at 07:13:22PM +0200, Jakub Hrozek wrote: > > > > > When new subdomains are discovered, the SSSD creates a file that > > > > > includes the domain-realm mappings. This file can in turn be included > > > > > in > > > > > the krb5.conf using the includedir directive, such as: > > > > > > > > > > includedir /var/lib/sss/pubconf/realm_mappings > > > > > > > > > > The other part of the work is changing ipa-client such that the above > > > > > line is added to krb5.conf when the client is installed. > > > > > > > > Simo nacked the origial patch on IRC. > > > > > > > > I made the following changes: > > > > * the directory is now called krb5.include.d. In the future we might > > > > want to include other config snippets than domain-realm mappings > > > > * fprintf is used to write the contents instead of first > > > > constructing the contents and then writing > > > > * the file is first created with mkstemp's default restrictive > > > > permissions and then chmod-ed to be readable > > > > * failure to write the file is not fatal anymore > > > > > > NACK, ret is overwritten in erro conditions if fstream or tmp_path are > > > not NULL. > > > > > > Simo. > > > > Thank you, a new patch is attached. The attached version also owns the > > new directory in the specfile. > > ACK, > > Simo.
Pushed to master. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel