CVS update: samba/source/nsswitch

Gerald (Jerry) Carter jerry at samba.org
Sat Jun 21 13:26:22 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 21 Jun 2003, Andrew Bartlett wrote:

>  - I'm worried about removing the 'server disabled' checks - what stops
> us beating on dead servers?

I can put them back in, but the 3.0 code seemed to have drifted
quite a bit.  I spoke with Tim and Jeremy about it can came to 
the conclusion the APP_HEAD was in a better state wrt to this 
feature.

You also need to qualify what you mean by dead.  We have name
a negative connection cache as well for fdealing with dead 
connections.  A lot of the code for dealing with RestrictAnonymous
DC's neede to know what the last returned error was.  Arbitrarly
returned server disabled causes problems here.  If the new code poses a 
problem, then we'll need to add in more checks rather than reverting this 
change.

This code has been running well for several months now through a barrage 
of failover test.

>  - You didn't remove the old netlogon_unigroup code

Right.  Not yet at least.  On the source file is there.  It's 
not linked.

>  - Why is the cache in the form 'domain-name/rid'?  What's wrong with
> the full SID, as the netlogon unigroup code did?

You reading an old comment. 

>  - We need to use the parsed information in the PAC or else we are going
> to get *very* inconsistent results with clients who 'sometimes' use
> Kerberos.

like I said, this was only for the rpc backend.  The ads code 
will need more work.  The uni_group code didn't use the PAC 
information either.






cheers, jerry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+9F0CIR7qMdg1EfYRAltGAKC7yhp58lW57D/3dOLZ8ZXkGGBnPACeKPCD
Nk0J+7+ff8LUIXK8c8ZnG6I=
=slCz
-----END PGP SIGNATURE-----




More information about the samba-technical mailing list