[PATCH] krb5 ticket refresh chain

[boyang]

Stefan (metze) Metzmacher wrote:
> Hi BoYang,
>
>   
>>      nautilus and smbspool rely on krb5 ticket to connect to servers,
>> therefore, it can locks account when krb5 ticket expires. The
>> recommended question here is destroying krb5 ticket in case that it can
>> be expired and renew/rekinit it when possible. We handle errors such as
>> KRB5_REALM_CANT_RESOLVE, KRB5_AP_ERR_TKT_EXPIRED or KRB5_FCC_NOFILE to
>> make krb5 ticket refresh chain more robust.
>>     When we cannot renew/rekinit ticket, or login in cache mode, destroy
>> krb5 ticket and try to renew/rekinit it later when KDC available. when
>> krb5 ticket expired, we rekinit it if it is possible.
>>     Patches are in the attachment, thanks!
>>     
>
> I'm currently rewriting this to avoid set_event_dispatch_time() and
> cancel_named_event(), as both only work on the first event with the
> given name.
>   
Yep. I have changed cancel_named_event() to cancel all events with the
name event_name instead of just canceling the first one.  but it is not
post the list yet. The problem I didn't notice is that
set_event_dispatch_time() does the same thing. :-)
> You can find my work in progress here:
> http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-tevent2
>
> It would be nice if you could help me to rebase my changes on top of
> your patches or rewrite your changes based on the ideas in my changes.
>   
Yep. I'm doing it right now. I'll look at your work and rewrite my
changes. But my winbind is keeping killing idmap child and Local Sam(not
sure about the name, the child for the domain with the local netbios
name.:-)) no idea, still investigate it.
> As I have no setup to really test my changes.
>
> metze
>
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: boyang.vcf
Type: text/x-vcard
Size: 187 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090105/22064733/boyang.vcf