On Thu, Oct 20, 2011 at 10:48:08AM +0200, Jan Zelený wrote:
>
> https://fedorahosted.org/sssd/ticket/957
>
> Jan
Thanks for the review. New patches are in attachment
Nack:
Please fix the unittests.
Gaah, for the second time in two days. Thanks for catching that, I have to
write this down somewhere.
The new option needs to be added to the sss-krb5 man page.
In the second patch.
I think it would make sense to rebase this patch on top of
"[PATCH] Add krb5_fast_principal to SSSDConfig API".
Done
If you're staying with the env variable and not doing the command line
options as Sumit suggested, then it's easier and less error prone to just
check if the env variable is set to anything:
    tmp_str = getenv(SSSD_KRB5_CANONICALIZE);
    if (tmp_str) {
        set_canonicalize();
    }
Not really, the tmp_str is always set, either to true or false. I believe my
approach is as error-proof as possible :-) The default option in case
something happens to the ENV variable is to consider it being false. Only if
it's correctly detected in the environment it's considered to be true.
Maybe it would be nicer to wrap the above in a function to avoid
duplication.
Done
Does it make sense to pass the option to the LDAP child as well?
I was wondering about that too. Frankly, I was hoping either Simo or Sumit
would recommend it if it did.
I'm not sure if we still plan to support old Kerberos libraries,
such as RHEL5 with SSSD 1.7.0+ but if we do, you also need to create
a wrapper around krb5_get_init_creds_opt_set_canonicalize(). See
sss_krb5_get_init_creds_opt_set_expire_callback() for an example.
I don't think so, but I'm not 100% sure. I'll leave it as it is and do the
support later if necessary.
Jan
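
Added example, not part of the thread and not SSSD code: the two ways of reading the option discussed above, side by side (enable when the variable is set to anything, versus enable only on an explicit true and default to false). The variable name EXAMPLE_KRB5_CANONICALIZE, the function names and the exact accepted spelling "true" are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Placeholder name: the string behind SSSD_KRB5_CANONICALIZE is not
 * shown in the thread. */
#define EXAMPLE_ENV_NAME "EXAMPLE_KRB5_CANONICALIZE"

/* Presence check: any value enables the option, including "false". */
static bool enabled_if_set(const char *val)
{
    return val != NULL;
}

/* Strict check: only the exact string "true" enables the option.
 * Unset, empty, "false" or a damaged value all fall back to false.
 * (Accepting only lowercase "true" is an assumption of this example.) */
static bool enabled_if_true(const char *val)
{
    return val != NULL && strcmp(val, "true") == 0;
}

/* Single wrapper so every caller parses the variable the same way. */
static bool canonicalize_from_env(const char *env_name)
{
    return enabled_if_true(getenv(env_name));
}

int main(void)
{
    /* Constructed sample values a child process might inherit. */
    const char *samples[] = { NULL, "true", "false", "TRUE", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-8s if-set=%d if-true=%d\n",
               samples[i] ? samples[i] : "(unset)",
               enabled_if_set(samples[i]),
               enabled_if_true(samples[i]));
    }
    printf("from environment: %d\n",
           canonicalize_from_env(EXAMPLE_ENV_NAME));
    return 0;
}
```

When the parent always exports the variable as either true or false, the presence check turns the option on in both cases; the strict check is the one that fails closed.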