[PATCHSET] Some patches from the MIT KDC branch

Andreas Schneider asn at samba.org
Thu Jul 9 08:13:18 UTC 2015


On Thursday 09 July 2015 00:01:49 Stefan Metzmacher wrote:
> Hi Andreas,
> 
> > From cbb6a9e9148a911431fa9c1ba722df3ec9f08bd2 Mon Sep 17 00:00:00 2001
> > From: Andreas Schneider <asn at samba.org>
> > Date: Mon, 26 Jan 2015 19:30:36 +0100
> > Subject: [PATCH 1/8] samba_dnsupdate: Use selftest krb5.conf.
> > 
> > This fixes a chicken and egg problem in selftest.
> > 
> > Signed-off-by: Andreas Schneider <asn at samba.org>
> > ---
> > 
> >  source4/scripting/bin/samba_dnsupdate | 15 +++++++++++----
> >  1 file changed, 11 insertions(+), 4 deletions(-)
> > 
> > diff --git a/source4/scripting/bin/samba_dnsupdate
> > b/source4/scripting/bin/samba_dnsupdate index 7f94067..8cddea0 100755
> > --- a/source4/scripting/bin/samba_dnsupdate
> > +++ b/source4/scripting/bin/samba_dnsupdate
> > 
> > @@ -507,10 +507,17 @@ if opts.update_cache:
> >  else:
> >      dns_update_cache = lp.private_path('dns_update_cache')
> > 
> > -# use our private krb5.conf to avoid problems with the wrong domain
> > -# bind9 nsupdate wants the default domain set
> > -krb5conf = lp.private_path('krb5.conf')
> > -os.environ['KRB5_CONFIG'] = krb5conf
> > +# The selftest chicken-egg problem:
> > +#
> > +# This script sets up the initial name server entries in our selftest
> > +# environment. It asks for a kerberos ticket but if it can't find it if
> > +# it asks the nameserver cause the required entry is not there yet.
> > +resolv_wrapper = os.getenv('RESOLV_WRAPPER')
> > +if resolv_wrapper:
> > +    # use our private krb5.conf to avoid problems with the wrong domain
> > +    # bind9 nsupdate wants the default domain set
> > +    krb5conf = lp.private_path('krb5.conf')
> > +    os.environ['KRB5_CONFIG'] = krb5conf
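
Review bot: The 'if resolv_wrapper:' guard at the end of this hunk looks inverted relative to the comment above it. The comment describes a selftest-only problem, but the body under the guard is the old unconditional behaviour (krb5conf = lp.private_path('krb5.conf') followed by os.environ['KRB5_CONFIG'] = krb5conf), so the private krb5.conf is now applied only when RESOLV_WRAPPER is set, and a run without that variable no longer gets it, which reopens the wrong-domain problem the retained comment warns about. If the intent, per the subject line, is to keep the krb5.conf that selftest provides, test for that condition directly and leave the default path setting KRB5_CONFIG as before. The new comment should also state which krb5.conf is expected in each case; the sentence 'but if it can't find it if it asks the nameserver' is hard to parse.
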
> 
> I'm pretty sure I nacked exactly this patch a few months ago.
> 
> I don't understand what this change is supposed to do.
> Who will ever set RESOLV_WRAPPER ? We only have RESOLV_WRAPPER_CONF
> and RESOLV_WRAPPER_HOSTS.
> 
> But still I don't understand it.
> 
> The real fix is to just have one krb5.conf in selftest envs.

The thing is that selftest creates a krb5.conf for the daemons and samba-tool 
creates one during provision.

st/ad_dc_ntvfs/etc/krb5.conf is the one selftest creates, which has the IP 
addresses for the KDC in the config file.

st/ad_dc_ntvfs/private/krb5.conf is the config samba-tool creates.

It might be that the correct fix is:
https://git.samba.org/?p=asn/samba.git;a=commitdiff;h=fab9ae4e0d7d175a7c4f5af969231a4116c1a2db

I need to test it.

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org