[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Need a way to get the kdc timeout

On Tue, 2008-06-10 at 08:29 -0700, Love Hörnquist Åstrand wrote:
> 9 jun 2008 kl. 05.10 skrev Andrew Bartlett:
> > In Samba4, we have a 'send_to_kdc' plugin that we register.
> >
> > However this code reads the context->kdc_timeout to know how long to
> > spend in an loop waiting for replies.  However, we want to build  
> > using a
> > OS-supplied version of Heimdal, so don't want to know the internal
> > structure of that krb5_context.
> Since the timeout will be required for all send_to_kdc plugins, maybe  
> we just should change the function signature to include the timeout ?

Sounds fine to me.

Should we also make this plugin loadable via the normal plugin mechanism
(that we use for the windc hooks)?  This would allow Samba4 to publish a
plugin that uses socket_wrapper for hosts that use a system heimdal, and
would therefore allow us to run kinit in our selftests. 

(But we should watch for security implications of doing so)

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

This is a digitally signed message part