Flushed pending centeris patch queue
Gerald (Jerry) Carter
jerry at samba.org
Mon May 7 12:59:50 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Guenther Deschner wrote:
>> I've pushed out all my pending patches for winbindd except:
>> (a) security = ads & machine password change in winbindd
>> (b) username map support for winbindd
> I send you my UPN logon patch in a separate mail today.
>> Since these might possibly require some discussion and general
>> agreement, I'll post patches to the list here.
>> The major merges are
>> 1. Maintaining the full trust topology (including transitive
>> trusts). These should be accessed by child processes
>> using the wcache_tdc_xxx() functions.
> Could we expand the winbindd_tdc_domain structure more so that it can
> contain at least a flag indicating whether we know if one of the remote
> domains is AD or not? We need to have this to have our "logon offline in
> AD domain, register krb5 ticket gain handler, device comes up, automatic
> ticket aquisition" path still working.
It's there. The tdc->flags is DS_DOMAIN_TRUST_TYPE_UPLEVEL,
then it's an AD domain. The active_directory flag in struct
winbindd_domain is still accurate if that is what you are relying
>> 4. Updated set_dc_and_flags() functionality based on trust
>> information from our primary domain. This means we
>> should be able to avoid contacting remote domains
>> (inside our forest).
> This relates to the above then.
>> There's other minor fixes.
> One was the LOGON_KRB5_FAIL_CLOCK_SKEW info3 flag, that one
> you just define yourself and is not part of the
> dc-returned info3 structure, right?
Yeah. I thought that was what you did with the GRACE_LOGON,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical