On Wed, Sep 26, 2012 at 08:15:14PM +0200, Pavel Březina wrote:
From f5fb376ccd91ca307b5b47dbfe46048e4b868843 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= pbrezina@redhat.com Date: Tue, 25 Sep 2012 15:02:12 +0200 Subject: [PATCH] remove left over principal selection
https://fedorahosted.org/sssd/ticket/1303
Domain start up was taking too long when there are many principals in a kerberos keytab. We were looking up in the keytab two times.
The first time we try to select a proper principal and remember it. The second call happens almost right after the first one and it is just a check if the principal exists in the keytab, without any output information other than success/failure. It is probably a left over from https://fedorahosted.org/sssd/ticket/781.
This patch removes the second call.
In general I think you're right, but I think we should also add a call to select_principal_from keytab to the generic LDAP provider in case the LDAP with GSSAPI is configured in a similar fashion the we call select_principal_from_keytab from the AD and IPA providers.