On Fri, 2015-07-03 at 21:34 +0200, Sumit Bose wrote: > On Fri, Jul 03, 2015 at 02:12:34PM -0400, Simo Sorce wrote: > > On Fri, 2015-07-03 at 11:59 +0200, Jakub Hrozek wrote: > > > On Fri, Jul 03, 2015 at 11:54:46AM +0200, Jakub Hrozek wrote: > > > > Hi, > > > > > > > > the attached patches fix https://fedorahosted.org/sssd/ticket/2701 > > > > > > > > The first patch just adds a common function instead of copying the same > > > > pattern again to the new test. > > > > > > > > The second adds a new request krb5_auth_queue_send() that wraps > > > > krb5_auth_send() and also uses the Kerberos authentication queue. I hope > > > > the unit tests cover a lot of use-cases, if not, please suggest more! > > > > > > > > btw I was thinking that the chaining might not always be necessary if > > > > the ccache is of type MEMORY and I hope that the serializaton wouldn't > > > > be perceived as performance regression for users. Shall we say that > > > > Pavel's cached auth patches are a more systematic solution that doesn't > > > > rely on properties of the ccache type in that case? > > > > > > I'm sorry, but CI fails on Debian because of wrong linking with > > > libraries. I'm already testing a fix. Review of the rest is appreciated > > > :-) > > > > If we are serializing all authentications then a busy server would be > > swamped. I do not see a per-user/per-cache queue so I would tentatively > > NACK the approach sorry. > > The current cache queue is per user, see add_to_wait_queue() for > details.
I actually did look to check that and failed, I blame the late hour :-) Per-user is fine by me, though I would seriously consider de-duplication while we are here. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel