Gerald (Jerry) Carter jerry at samba.org
Mon May 7 12:59:50 GMT 2007

Guenther Deschner wrote:
>> I've pushed out all my pending patches for winbindd except:
>> (a) security = ads & machine password change in winbindd
>> (b) username map support for winbindd
> I send you my UPN logon patch in a separate mail today.

Cool.  Thanks.

>> Since these might possibly require some discussion and general
>> agreement, I'll post patches to the list here.
>> The major merges are
>> 1.  Maintaining the full trust topology (including transitive
>>     trusts).  These should be accessed by child processes
>>     using the wcache_tdc_xxx() functions.
> Could we expand the winbindd_tdc_domain structure more so that it can
> contain at least a flag indicating whether we know if one of the remote
> domains is AD or not? We need to have this to have our "logon offline in
> AD domain, register krb5 ticket gain handler, device comes up, automatic
> ticket acquisition" path still working.

It's there.   The tdc->flags is DS_DOMAIN_TRUST_TYPE_UPLEVEL,
then it's an AD domain.  The active_directory flag in struct
winbindd_domain is still accurate if that is what you are relying

>> 4.  Updated set_dc_and_flags() functionality based on trust
>>     information from our primary domain.  This means we
>>     should be able to avoid contacting remote domains
>>     (inside our forest).
> This relates to the above then.
>> There's other minor fixes. 
> One was the LOGON_KRB5_FAIL_CLOCK_SKEW info3 flag, that one 
> you just define yourself and is not part of the
> dc-returned info3 structure, right?

Yeah.  I thought that was what you did with the GRACE_LOGON,

cheers, jerry
