storing our machine account name in secrets.tdb
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue Mar 13 20:32:54 GMT 2007
On Tue, Mar 13, 2007 at 03:03:32PM -0500, Gerald (Jerry) Carter wrote:
> I'll give you an example of what I mean. Support
> smbclient tries to connect to a remote CIFS server
> and gets back a KRB5_ERR_CLOCK_SKEW. Should it try
> to sync the system clock somehow? No. The operating
Good example :-)
Look at libads/kerberos.c:85 :
if (time_offset != 0) {
krb5_set_real_time(ctx, time(NULL) + time_offset, 0);
}
Why do we do this? This is really a line we have to draw.
Either we use the existing services as-is and live with the
Kerberos bugs/problems or we go and try to find workarounds.
For example Günther's KDC locator plugin, why is this
necessary? Why don't we tell people to correctly set up
their krb5.conf files?
Don't get me wrong, again: I'm not pressing for this change.
I can always say WONTFIX to this bug report, but I want good
arguments when refusing to fix it.
> Of course, this is just my opinion. If you have code
> and things turn out to not as bad as I think they will
> be, then I'll change my tune. Or if a majority of people
Let me spend some days to code this up. Do you want to watch
me while checking it into 3_0 or do you want me to work in a
bzr tree and present a big patch?
> PS: I would be much more agreeable to the idea if we
> were going our own distro and could actually control
> the OS to a degree.
You're not serious here, are you?
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070313/2a0f0e8e/attachment.bin
More information about the samba-technical
mailing list