2011-11-18 11:33:05

by John Hughes

Subject: [PATCH] Add "-e" option to rpc.gssd to allow error on ticket expiry

By adding a new option to rpc.gssd the administrator can choose whether
she wants the old "EACCESS on ticket expiry" or the new "wait for new
ticket" behaviour.



Attachments:
ticket-expired-error.patch (2.64 kB)

2011-11-18 14:00:04

by John Hughes

Subject: Re: [PATCH] Add "-e" option to rpc.gssd to allow error on ticket expiry

On 18/11/11 14:44, Steve Dickson wrote:
>
> On 11/18/2011 06:32 AM, John Hughes wrote:
>> By adding a new option to rpc.gssd the administrator can choose whether she wants the old "EACCESS on ticket expiry" or the new "wait for new ticket" behaviour.
>>
>>
> I am not too keen on this idea at all.... I've never been a fan of
> added command line arguments for this purpose..

Nope, me neither.

> . Plus there is no man page update...

Okeydoke, let's see, where's the man page...

$ find /usr/share/man* -name 'rcp.gssd*'

find: cannot get current directory: Permission denied


AArgh! :-) Yum, this dogfood tastes nice!

> Also please post patches in-line
> the email not as email attachments...

De gustibus non disputandum est.

New version of patch on its way.



2011-11-18 13:51:32

by John Hughes

Subject: Re: [PATCH] Add "-e" option to rpc.gssd to allow error on ticket expiry

On 18/11/11 14:44, Steve Dickson wrote:
>
> I think the answer to all this is have the ticket
> renewed before it expires. There is a daemon called sssd
> that is part of the FreeIPA project that will supposedly
> do that for us... I'm looking into it...

You can only renew the ticket before it expires if it hasn't yet expired.

Imagine this case:

I go home for the evening.

The screensaver kicks in.

The machine suspends to ram.

The ticket expires. Yes, it was renewable but nobody could renew it
because they were asleep.

I come back the next morning, hit a key, the unlock screen pops up, I
enter my password, pam_krb5 gets a new ticket.



2011-11-18 13:44:47

by Steve Dickson

Subject: Re: [PATCH] Add "-e" option to rpc.gssd to allow error on ticket expiry



On 11/18/2011 06:32 AM, John Hughes wrote:
> By adding a new option to rpc.gssd the administrator can choose whether she wants the old "EACCESS on ticket expiry" or the new "wait for new ticket" behaviour.
>
>
I am not too keen on this idea at all.... I've never been a fan of
added command line arguments for this purpose... Plus there
is no man page update... Also please post patches in-line
the email not as email attachments...

If commit 2c64348 which causes the process to hang when
its Kerberos ticket expires is a regression... then so
be it... let's revert that commit and have the process error
out with EPERM.... It sounds like the apps would rather
have the error than the hanging...

I think the answer to all this is have the ticket
renewed before it expires. There is a daemon called sssd
that is part of the FreeIPA project that will supposedly
do that for us... I'm looking into it...

steved.


2011-11-18 14:57:28

by Luk Claes

Subject: Re: [PATCH] Add "-e" option to rpc.gssd to allow error on ticket expiry

On 11/18/2011 02:59 PM, John Hughes wrote:
> On 18/11/11 14:44, Steve Dickson wrote:
>>
>> On 11/18/2011 06:32 AM, John Hughes wrote:

>> . Plus there is no man page update...
>
> Okeydoke, let's see, where's the man page...
>
> $ find /usr/share/man* -name 'rcp.gssd*'
>
> find: cannot get current directory: Permission denied

rcp != rpc

Cheers

Luk