URL: https://github.com/SSSD/sssd/pull/137
Title: #137: Initial pkinit support

jhrozek commented:
"""
OK, apart from the issue with the patch compilation, I found one more with 
manual testing -- it looks like changing the expired password of a newly 
created IPA user is not working correctly. I'm getting:
```
(Mon Feb 20 20:54:03 2017) [[sssd[krb5_child[1798]]]] [sss_child_krb5_trace_cb] (0x4000): [1798] 1487624043.229515: Received error from KDC: -1765328361/Password has expired
(Mon Feb 20 20:54:03 2017) [[sssd[krb5_child[1798]]]] [get_and_save_tgt] (0x0020): 1526: [-1765328361][Password has expired]
(Mon Feb 20 20:54:03 2017) [[sssd[krb5_child[1798]]]] [map_krb5_error] (0x0020): [1432158285][No authentication methode available].
(Mon Feb 20 20:54:03 2017) [[sssd[krb5_child[1798]]]] [k5c_send_data] (0x0200): Received error code 1432158285
(Mon Feb 20 20:54:03 2017) [[sssd[krb5_child[1798]]]] [pack_response_packet] (0x2000): response packet size: [4]
(Mon Feb 20 20:54:03 2017) [[sssd[krb5_child[1798]]]] [k5c_send_data] (0x4000): Response sent.
(Mon Feb 20 20:54:03 2017) [[sssd[krb5_child[1798]]]] [main] (0x0400): krb5_child completed successfully
(Mon Feb 20 20:54:03 2017) [sssd[be[ipa.test]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Mon Feb 20 20:54:03 2017) [sssd[be[ipa.test]]] [check_wait_queue] (0x1000): Wait queue for user [authte...@ipa.test] is empty.
(Mon Feb 20 20:54:03 2017) [sssd[be[ipa.test]]] [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x19ccf00] done.
(Mon Feb 20 20:54:03 2017) [sssd[be[ipa.test]]] [dp_req_done] (0x0400): DP Request [PAM Authenticate #8]: Request handler finished [0]: Success
(Mon Feb 20 20:54:03 2017) [sssd[be[ipa.test]]] [_dp_req_recv] (0x0400): DP Request [PAM Authenticate #8]: Receiving request data.
(Mon Feb 20 20:54:03 2017) [sssd[be[ipa.test]]] [dp_req_destructor] (0x0400): DP Request [PAM Authenticate #8]: Request removed.
(Mon Feb 20 20:54:03 2017) [sssd[be[ipa.test]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Mon Feb 20 20:54:03 2017) [sssd[be[ipa.test]]] [dp_pam_reply] (0x1000): DP Request [PAM Authenticate #8]: Sending result [18][ipa.test]
```
This works fine with the current master. Apart from that, I ran downstream 
tests for AD, LDAP/LDAP and LDAP/KRB5.

Manual testing included:
 * IPA auth with a password, online and offline
 * IPA auth with OTP, online and offline
 * AD auth, AD auth with a UPN
 * subdomain auth
 * IPA password change

The code looks mostly good, I will make another pass on it tomorrow, but I 
suppose if I even ask for anything, it would be comments or so.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/137#issuecomment-281179465
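
A log check for the symptom reported in the comment above, added here as an example and not part of the SSSD code or of the original comment: it rejoins mail-wrapped debug records and flags a `krb5_child` run in which the KDC's "Password has expired" error (-1765328361) is followed by a `map_krb5_error` result whose text does not mention expiry. The function names, the sample string and the "mentions expiry" heuristic are assumptions of this example.

```python
import re

KRB5KDC_ERR_KEY_EXP = -1765328361  # logged with "Password has expired" above

# Sample input built from records in the excerpt above; two are still mail-wrapped.
SAMPLE = """\
(Mon Feb 20 20:54:03 2017) [[sssd[krb5_child[1798]]]] [get_and_save_tgt]
(0x0020): 1526: [-1765328361][Password has expired]
(Mon Feb 20 20:54:03 2017) [[sssd[krb5_child[1798]]]] [map_krb5_error]
(0x0020): [1432158285][No authentication methode available].
(Mon Feb 20 20:54:03 2017) [[sssd[krb5_child[1798]]]] [k5c_send_data] (0x0200): Received error code 1432158285
"""

START = re.compile(r"^\(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\) \[")
RECORD = re.compile(r"^\([^)]+\) \[(?P<comp>\S+)\] \[(?P<func>\w+)\] "
                    r"\(0x[0-9a-fA-F]+\): (?P<msg>.*)$")
CODE_MSG = re.compile(r"\[(-?\d+)\]\[([^\]]*)\]")
CHILD_PID = re.compile(r"krb5_child\[(\d+)\]")

def unwrap(text):
    """Rejoin mail-wrapped records; only a leading timestamp starts a new one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def find_mismapped_expiry(text):
    """Flag krb5_child runs where a KDC 'password expired' error got remapped."""
    kdc, findings = {}, []
    for rec in unwrap(text):
        m = RECORD.match(rec)
        pid = CHILD_PID.search(m.group("comp")) if m else None
        pair = CODE_MSG.search(m.group("msg")) if pid else None
        if not pair:
            continue
        code, msg = int(pair.group(1)), pair.group(2)
        if m.group("func") == "get_and_save_tgt":
            kdc[pid.group(1)] = code  # error code the KDC returned
        elif m.group("func") == "map_krb5_error":
            # Heuristic (assumption): a correct mapping mentions expiry in its text.
            expired = kdc.get(pid.group(1)) == KRB5KDC_ERR_KEY_EXP
            if expired and "expire" not in msg.lower():
                findings.append({"pid": int(pid.group(1)), "code": code, "msg": msg})
    return findings

if __name__ == "__main__":
    print(find_mismapped_expiry(SAMPLE))
```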