On Wed, Sep 26, 2012 at 08:15:14PM +0200, Pavel Březina wrote:
> From f5fb376ccd91ca307b5b47dbfe46048e4b868843 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina(a)redhat.com>
> Date: Tue, 25 Sep 2012 15:02:12 +0200
> Subject: [PATCH] remove left over principal selection
>
>
> Domain start up was taking too long when there are many principals
> in a kerberos keytab. We were looking up in the keytab two times.
>
> The first time we try to select a proper principal and remember it.
> The second call happens almost right after the first one and
> it is just a check if the principal exists in the keytab, without
> any output information other than success/failure. It is
> probably a left over from
https://fedorahosted.org/sssd/ticket/781.
>
> This patch removes the second call.
In general I think you're right, but I think we should also add a call
to select_principal_from keytab to the generic LDAP provider in case the
LDAP with GSSAPI is configured in a similar fashion the we call
select_principal_from_keytab from the AD and IPA providers.