On Wed, 12 Nov 2014 16:36:00 +0100 Lukas Slebodnik <lsleb...@redhat.com> wrote:
> On (12/11/14 10:00), Simo Sorce wrote: > >I would create a helper function to be called on return that > >transforms the error accordingly. This will allow to write the code > >_and_ the comment once. > > > In this case, Stephan's patch is better > https://bugzilla.redhat.com/attachment.cgi?id=788567 Yes, this is a valid alternative. > >The comment should be changed to something like this in either case: > >/* When sssd is stopped return a safe error code as if sss was not > >configured at all in nsswitch. This prevents bogus errors from > >causing issues in applications, before sssd starts or if it fails to > >respond. */ > > > >No need to mention that sss is by default in nsswitch, as it is not > >in all distributions and it really is inconsequential, the same > >behaviour change hleps when sss is not the default but is has been > >manually added and sssd is stopped or not started yet (for example > >during boot). > nss-pam-ldapd has the same behaviour in the same situation. > Will we patch it as well? It's very likely we won't. Sorry, I do not see how that matters :) > The biggest problem is that sss is by default in nsswitch on > fedora/rhel>=7 due to glibc caching and problem with GNOME, > a) sssd-client is installed by default on this platforms. > b) sssd need't be configured by default and in most cases won't be > => sssd cannot run > c) glibc developers don't want to adjust the error return code in > glibc > > As a result of this, we need to patch sssd. > I would say we should patch sssd just in downstream and > Stephan's patch works well. I tested it. Ok, then let's go with Stephen's patch. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
