[PACTHSET] Some patches from the MIT KDC branch
Stefan (metze) Metzmacher
metze at samba.org
Wed Jul 8 22:01:49 UTC 2015
Hi Andreas,
> From cbb6a9e9148a911431fa9c1ba722df3ec9f08bd2 Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Mon, 26 Jan 2015 19:30:36 +0100
> Subject: [PATCH 1/8] samba_dnsupdate: Use selftest krb5.conf.
>
> This fixes a chicken and egg problem in selftest.
>
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
> source4/scripting/bin/samba_dnsupdate | 15 +++++++++++----
> 1 file changed, 11 insertions(+), 4 deletions(-)
>
> diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
> index 7f94067..8cddea0 100755
> --- a/source4/scripting/bin/samba_dnsupdate
> +++ b/source4/scripting/bin/samba_dnsupdate
> @@ -507,10 +507,17 @@ if opts.update_cache:
> else:
> dns_update_cache = lp.private_path('dns_update_cache')
>
> -# use our private krb5.conf to avoid problems with the wrong domain
> -# bind9 nsupdate wants the default domain set
> -krb5conf = lp.private_path('krb5.conf')
> -os.environ['KRB5_CONFIG'] = krb5conf
> +# The selftest chicken-egg problem:
> +#
> +# This script sets up the initial name server entries in our selftest
> +# environment. It asks for a kerberos ticket but if it can't find it if
> +# it asks the nameserver cause the required entry is not there yet.
> +resolv_wrapper = os.getenv('RESOLV_WRAPPER')
> +if resolv_wrapper:
> + # use our private krb5.conf to avoid problems with the wrong domain
> + # bind9 nsupdate wants the default domain set
> + krb5conf = lp.private_path('krb5.conf')
> + os.environ['KRB5_CONFIG'] = krb5conf
>
I'm pretty sure I nacked exactly this patch a few month ago.
I don't understand what this change is supposed to do.
Who will every set RESOLV_WRAPPER ? We only have RESOLV_WRAPPER_CONF
and RESOLV_WRAPPER_HOSTS.
But still I don't understand it.
The real fix is to just have one krb5.conf in selftest envs.
We currently have this, which seems wrong:
metze at SERNOX14:~/devel/samba/4.0/master4-test$ find
/data/tmp/samba-master4-franky/ -name krb5.conf
/data/tmp/samba-master4-franky/ad_dc_ntvfs/etc/krb5.conf
/data/tmp/samba-master4-franky/ad_dc_ntvfs/private/krb5.conf
/data/tmp/samba-master4-franky/ad_dc/etc/krb5.conf
/data/tmp/samba-master4-franky/ad_dc/private/krb5.conf
/data/tmp/samba-master4-franky/fl2000dc/etc/krb5.conf
/data/tmp/samba-master4-franky/fl2000dc/private/krb5.conf
/data/tmp/samba-master4-franky/fl2003dc/etc/krb5.conf
/data/tmp/samba-master4-franky/fl2003dc/private/krb5.conf
/data/tmp/samba-master4-franky/rodc/etc/krb5.conf
/data/tmp/samba-master4-franky/plugin_s4_dc/etc/krb5.conf
/data/tmp/samba-master4-franky/plugin_s4_dc/private/krb5.conf
/data/tmp/samba-master4-franky/fl2008r2dc/etc/krb5.conf
/data/tmp/samba-master4-franky/fl2008r2dc/private/krb5.conf
/data/tmp/samba-master4-franky/dc/etc/krb5.conf
/data/tmp/samba-master4-franky/dc/private/krb5.conf
/data/tmp/samba-master4-franky/s4member/etc/krb5.conf
/data/tmp/samba-master4-franky/s4member/private/krb5.conf
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150709/67027f47/signature.sig>
More information about the samba-technical
mailing list