-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/22/2010 11:40 AM, Sumit Bose wrote:
On Wed, Dec 22, 2010 at 11:06:22AM -0500, Stephen Gallagher wrote:
Patch 0001: I found a bug where the first domain in the list wasn't
being checked for whether it needed a cache update during PAM. We
weren't initializing the preq->check_provider variable.
> ACK
Patch 0002: Add a new per-client option that maintains the time since
the last PAM request updated the cache (default: 5s). Changes the
behavior so that any PAM request (not just AUTH or SETCRED) that's
called will trigger an identity lookup, unless we're within the timeout.
> see below, otherwise the patch looks fine.
+ /* Set up the negative cache */
Please fix the comment
+ ret = confdb_get_int(cdb, pctx, CONFDB_PAM_CONF_ENTRY,
+ CONFDB_PAM_ID_TIMEOUT, 5,
+ &id_timeout);
+ if (ret != EOK) goto done;
+
+ pctx->id_timeout = (size_t)id_timeout;
+
ret = sss_ncache_init(pctx, &pctx->ncache);
Silly copy-paste error. New patches attached.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk0SLIoACgkQeiVVYja6o6MlxACdGRqqw+TWdZGhM+S9ZA2OKn9f
q78AnAx3qTuDoOU9RsfbGV3H82EzNBOc
=uQ3f
-----END PGP SIGNATURE-----