a recent change in GENSEC

Andrew Bartlett abartlet at samba.org
Fri Nov 3 22:03:30 GMT 2006 

On Fri, 2006-11-03 at 22:58 +0100, Rafal Szczesniak wrote:
> On Sat, Nov 04, 2006 at 08:40:11AM +1100, Andrew Bartlett wrote:
> > On Fri, 2006-11-03 at 22:33 +0100, Rafal Szczesniak wrote:
> > > Hi,
> > > 
> > > I'm a bit stuck with one of recent changes in GENSEC when testing
> > > new libnet function for listing user accounts. Namely, when doing
> > > a prerequisite - connecting rpc pipe to open the domain - it hangs
> > > on smb connection with debug messages "Timed out smb_krb5 packet"
> > > repeated every 2-3 seconds.
> > > 
> > > It may be trivial or I might have missed something, so any hint
> > > please - what could be the reason ? I'd like not to commit a draft
> > > code, but if that's the only way, then let it be.
> > > 
> > > Andrew, you're probably best informed about what could be wrong :)
> > 
> > Are you sure the kdc is there?  It could be really timing out :-)
> 
> Wow, Andrew, that was quick. Thank you for replying :)
> 
> No, I am sure the kdc _is not_ there (at least I haven't configured
> any), so it does time out. What troubles me is that the code seems
> to rely on the kdc being present whereas it did not. To put it another
> way - the tests I have troubles with right now used to work. What's
> even more interesting is that 'make test' seems to work fine, so I suspect
> I may have some configuration hiccups on my default testing server.

make test has a KDC present.  The code assumes that if the remote server
offers krb5, then the KDC may be presumed to be available. 

This isn't great, but there are not many other options.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20061104/6fbfe122/attachment.bin

More information about the samba-technical mailing list