CVS update: samba/source/nsswitch

Andrew Bartlett abartlet at samba.org
Sun Jun 22 03:02:08 GMT 2003 

On Sat, 2003-06-21 at 23:26, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 21 Jun 2003, Andrew Bartlett wrote:
> 
> >  - I'm worried about removing the 'server disabled' checks - what stops
> > us beating on dead servers?
> 
> I can put them back in, but the 3.0 code seemed to have drifted
> quite a bit.  I spoke with Tim and Jeremy about it can came to 
> the conclusion the APP_HEAD was in a better state wrt to this 
> feature.
> 
> You also need to qualify what you mean by dead.  We have name
> a negative connection cache as well for fdealing with dead 
> connections.  A lot of the code for dealing with RestrictAnonymous
> DC's neede to know what the last returned error was.  Arbitrarly
> returned server disabled causes problems here.  If the new code poses a 
> problem, then we'll need to add in more checks rather than reverting this 
> change.

Yes, but 3.0 does ADS connections - those servers won't be affected by a
negative netbios name cache.  (And yes, I've seen that code improving
very nicely over the last little bit).

> This code has been running well for several months now through a barrage 
> of failover test.

Including ADS failover?

> >  - We need to use the parsed information in the PAC or else we are going
> > to get *very* inconsistent results with clients who 'sometimes' use
> > Kerberos.
> 
> like I said, this was only for the rpc backend.  The ads code 
> will need more work.  The uni_group code didn't use the PAC 
> information either.

Just watch out, we can mix the RPC backend with kerberos logins under
some strange situations.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030622/1d2ad145/attachment.bin

More information about the samba-technical mailing list