[PATCH] krb5 ticket refresh chain

Stefan (metze) Metzmacher metze at samba.org
Mon Jan 5 08:25:55 GMT 2009


boyang wrote:
> boyang wrote:
>> Stefan (metze) Metzmacher wrote:
>>   
>>> Hi BoYang,
>>>
>>>   
>>>     
>>>>      nautilus and smbspool rely on a krb5 ticket to connect to servers;
>>>> therefore, it can lock the account when the krb5 ticket expires. The
>>>> recommended question here is destroying the krb5 ticket in case that it can
>>>> be expired and renew/rekinit it when possible. We handle errors such as
>>>> KRB5_REALM_CANT_RESOLVE, KRB5_AP_ERR_TKT_EXPIRED or KRB5_FCC_NOFILE to
>>>> make the krb5 ticket refresh chain more robust.
>>>>     When we cannot renew/rekinit the ticket, or log in in cache mode, destroy
>>>> the krb5 ticket and try to renew/rekinit it later when the KDC is available. When
>>>> the krb5 ticket has expired, we rekinit it if it is possible.
>>>>     Patches are in the attachment, thanks!
>>>>     
>>>>       
>>> I'm currently rewriting this to avoid set_event_dispatch_time() and
>>> cancel_named_event(), as both only work on the first event with the
>>> given name.
>>>   
>>>     
>> Yep. I have changed cancel_named_event() to cancel all events with the
>> name event_name instead of just canceling the first one. But it is not
>> posted to the list yet. The problem I didn't notice is that
>> set_event_dispatch_time() does the same thing. :-)
>>   
>>> You can find my work in progress here:
>>> http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-tevent2
>>>
>>> It would be nice if you could help me to rebase my changes on top of
>>> your patches or rewrite your changes based on the ideas in my changes.
>>>   
>>>     
>> Yep. I'm doing it right now. I'll look at your work and rewrite my
>> changes. But my winbind keeps killing the idmap child and Local Sam (not
>> sure about the name, the child for the domain with the local netbios
>> name. :-)). No idea, still investigating it.
>>   
>>> As I have no setup to really test my changes.
>>>     
> Ok. It looks easier to rewrite my changes on top of your
> changes. :-)

I'm currently doing more changes... maybe it's better to discuss in
realtime on IRC.

metze
