On (31/05/13 21:29), Jakub Hrozek wrote:
>On Wed, 2013-05-29 at 16:09 +0200, Lukas Slebodnik wrote:
>> On (29/05/13 08:44), Simo Sorce wrote:
>> >On Wed, 2013-05-29 at 11:30 +0200, Lukas Slebodnik wrote:
>> >> On (29/05/13 11:07), Lukas Slebodnik wrote:
>> >> >ehlo,
>> >> >
>> >> >Function krb5_cc_get_full_name is called only as a way to validate that
>> >> >we have the right cache. Instead of the returned name, the location will be
>> >> >returned from function cc_dir_cache_for_princ.
>> >> >
>> >> >https://fedorahosted.org/sssd/ticket/1936
>> >> >
>> >> >Patch is attached.
>> >> >
>> >> >LS
>> >>
>> >> self NACK
>> >>
>> >> this patch stores to cache DIR:/run/user/325600000/krb5cc
>> >> ^^^^
>> >> missing colon?
>> >
>> >No, this is the correct form.
>> I found out that it is a correct form.
>> Problem was with checking ccname in function sss_krb5_cc_file_path.
>>
>> New patches attached.
>>
>> LS
>
>Sorry for the reply from gmail. My OTP token decided the best password
>for me on a Friday evening is "Err", so I can't access my redhat.com
>account at the moment.
>
>These patches break one assumption we want to keep -- if there is a user
>logged in and the same user logs in for example from another terminal,
>they should have the same ccache. With your patches, I'm getting a new
>one when I log in simultaneously.
>
>I haven't tested that, but I guess this is because the path to the collection is
>always passed to the krb5_child now. I think that in the case the user is
>already logged in (in krb5 code we denote this with "ccache is active"),
>then you should pass the full path to the ccache to the krb5_child.
>
Simo wrote in ticket comment (https://fedorahosted.org/sssd/ticket/1936#comment:10)
> Do we really want to store only DIR:/run/user/$uid/krb5cc/ to cache?
Yes, this is exactly what we want as a ccache.
LS
Yes, I saw that comment and I agree with Simo.
But I think we should examine the ccache collection and in the case
there already is a valid cache present there, we should reuse it just
like we did before.