On Mon, Sep 23, 2013 at 10:05:30AM +0200, Sumit Bose wrote: > On Mon, Sep 23, 2013 at 09:42:14AM +0200, Jakub Hrozek wrote: > > On Sun, Sep 22, 2013 at 05:42:34PM +0200, Jakub Hrozek wrote: > > > On Fri, Sep 20, 2013 at 02:08:24PM +0200, Sumit Bose wrote: > > > > Hi, > > > > > > > > with the following two patches offline authentication in the AD provider > > > > is working again and https://fedorahosted.org/sssd/ticket/2060 should be > > > > fixed. > > > > > > > > I started working on a unit test for find_or_guess_upn() but it is not > > > > finished yet because of the number of internal structs needed which must > > > > be created manually. Since the patches were working well in my tests I > > > > decided to send the functional part first and send the tests later. > > > > > > > > bye, > > > > Sumit > > > > > > Hi, > > > > > > I think both patches are good. I tested offline and online auth both with > > > plain and enterprise principals and also deferred kinit and updating the > > > UPN from enterprise to plain. All cases I tested worked fine, so ACK. > > > > > > I think the krb5 child just has some subtle error reporting bugs, but > > > they are not related to this patch and we can fix them separately. > > > > Later I realized one thing, I wonder if it would be a good idea to call > > find_or_guess_upn() with the domain of the user instead of > > be_ctx->domain. But this doesn't seem to be affecting the current > > behaviour. > > The 6th argument of find_or_guess_upn is the domain name of the user. > be_ctx->domain is needed to check if the user is coming from the > configured domain or not. If it is a user of the configured domain we > take KRB5_REALM from the configuration to guess the principal because > the configured domain name might not be suitable, e.g. 'default' used by > authconfig of the NetBIOS AD domain name used by realmd. > > bye, > Sumit
Ah, right. Thank you. Pushed to master and sssd-1-11 _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
