On (12/11/14 10:00), Simo Sorce wrote:
>I would create a helper function to be called on return that transforms the
>error accordingly. This will allow to write the code _and_ the comment once.
>
In this case, Stephan's patch is better
https://bugzilla.redhat.com/attachment.cgi?id=788567

>The comment should be changed to something like this in either case:
>/* When sssd is stopped return a safe error code as if sss was not
>configured at all in nsswitch. This prevents bogus errors from causing
>issues in applications, before sssd starts or if it fails to respond. */
>
>No need to mention that sss is by default in nsswitch, as it is not in all
>distributions and it really is inconsequential, the same behaviour change
>helps when sss is not the default but it has been manually added and sssd is
>stopped or not started yet (for example during boot).
nss-pam-ldapd has the same behaviour in the same situation.
Will we patch it as well? It's very likely we won't.

The biggest problem is that sss is by default in nsswitch on fedora/rhel>=7
due to glibc caching and problem with GNOME,
a) sssd-client is installed by default on these platforms.
b) sssd needn't be configured by default and in most cases won't be
    => sssd cannot run
c) glibc developers don't want to adjust the error return code in glibc

As a result of this, we need to patch sssd.
I would say we should patch sssd just in downstream and
Stephan's patch works well. I tested it.

LS
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
