CVS update: samba/source/nsswitch
Gerald (Jerry) Carter
jerry at samba.org
Sat Jun 21 13:26:22 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 21 Jun 2003, Andrew Bartlett wrote:
> - I'm worried about removing the 'server disabled' checks - what stops
> us beating on dead servers?
I can put them back in, but the 3.0 code seemed to have drifted
quite a bit. I spoke with Tim and Jeremy about it can came to
the conclusion the APP_HEAD was in a better state wrt to this
feature.
You also need to qualify what you mean by dead. We have name
a negative connection cache as well for fdealing with dead
connections. A lot of the code for dealing with RestrictAnonymous
DC's neede to know what the last returned error was. Arbitrarly
returned server disabled causes problems here. If the new code poses a
problem, then we'll need to add in more checks rather than reverting this
change.
This code has been running well for several months now through a barrage
of failover test.
> - You didn't remove the old netlogon_unigroup code
Right. Not yet at least. On the source file is there. It's
not linked.
> - Why is the cache in the form 'domain-name/rid'? What's wrong with
> the full SID, as the netlogon unigroup code did?
You reading an old comment.
> - We need to use the parsed information in the PAC or else we are going
> to get *very* inconsistent results with clients who 'sometimes' use
> Kerberos.
like I said, this was only for the rpc backend. The ads code
will need more work. The uni_group code didn't use the PAC
information either.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE+9F0CIR7qMdg1EfYRAltGAKC7yhp58lW57D/3dOLZ8ZXkGGBnPACeKPCD
Nk0J+7+ff8LUIXK8c8ZnG6I=
=slCz
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list