[PATCH] libads: fixes to generation of custom krb5.conf
Jeremy Allison
jra at samba.org
Thu Jun 4 12:25:53 MDT 2015
On Thu, Jun 04, 2015 at 10:09:40AM +0300, Uri Simchoni wrote:
> Hi,
>
> Attached pls find some fixes to generation of custom krb5.conf -
> libads creates this file in order to help the kerberos client libs do
> AD-aware and specifically site-aware kerberos.
>
> Patch 1/4 - fix indentation of kdcs in case of multiple kdcs
> Patch 2/4 - when doing SRV queries, lookup _kerberos records and not
> _ldap records. This also fixes a bug in which only KDCs of the current
> site are listed, and KDCs of site-less query are not listed
> Patch 3/4 - correctly merge lists, to avoid same IP address coming up
> twice (well, maybe this one is needed because of the 2/4 fix..)

In patch 3:

+ port = (lookup_type == DC_ADS_ONLY) ? LDAP_PORT :
+ ((lookup_type == DC_KDC_ONLY) ? 88 : PORT_NONE);

should be:

+ port = (lookup_type == DC_ADS_ONLY) ? LDAP_PORT :
+ ((lookup_type == DC_KDC_ONLY) ? DEFAULT_KRB5_PORT : PORT_NONE);

just so we don't use 88 directly and have one place
to change all instances of it.

> Patch 4/4 - make sure the "known good server" from the
> session-affinity cache always appears first in the generated krb5.conf
> file.

Patch 4 is very clever :-). Well done!

> Please review,
> Uri.

With the minor change in #3 above, 'Reviewed-by: Jeremy Allison <jra at samba.org>'

Can I get a second Team reviewer?

Cheers,

Jeremy.