CVS update: samba/source/nsswitch
Andrew Bartlett
abartlet at samba.org
Sun Jun 22 03:02:08 GMT 2003
On Sat, 2003-06-21 at 23:26, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 21 Jun 2003, Andrew Bartlett wrote:
>
> > - I'm worried about removing the 'server disabled' checks - what stops
> > us beating on dead servers?
>
> I can put them back in, but the 3.0 code seemed to have drifted
> quite a bit. I spoke with Tim and Jeremy about it can came to
> the conclusion the APP_HEAD was in a better state wrt to this
> feature.
>
> You also need to qualify what you mean by dead. We have name
> a negative connection cache as well for fdealing with dead
> connections. A lot of the code for dealing with RestrictAnonymous
> DC's neede to know what the last returned error was. Arbitrarly
> returned server disabled causes problems here. If the new code poses a
> problem, then we'll need to add in more checks rather than reverting this
> change.
Yes, but 3.0 does ADS connections - those servers won't be affected by a
negative netbios name cache. (And yes, I've seen that code improving
very nicely over the last little bit).
> This code has been running well for several months now through a barrage
> of failover test.
Including ADS failover?
> > - We need to use the parsed information in the PAC or else we are going
> > to get *very* inconsistent results with clients who 'sometimes' use
> > Kerberos.
>
> like I said, this was only for the rpc backend. The ads code
> will need more work. The uni_group code didn't use the PAC
> information either.
Just watch out, we can mix the RPC backend with kerberos logins under
some strange situations.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030622/1d2ad145/attachment.bin
More information about the samba-technical
mailing list