Hi Steve,
On Thu, Apr 12, 2012 at 12:02:19PM -0400, Steve Dickson wrote:
> > Here it is. The whole HAVE_SET_ALLOWABLE_ENCTYPES logic is still in place
> > but my code now ignores it. So with a GSSAPI implementation that doesn't
> > support it, the -l switch will be accepted by gssd but silently do
> > nothing.
> Well after further review.... it appears remove moving those defines would
> have a negative impact on backwards compatibility with older Kerberos
> libraries.
> So what I'm thinking of doing is error out if an admin tries to use the
> -l flag with incompatible Kerberos libraries. I also made a note in
> the man page. So how about something like this:
No arguments from me. Seems a great solution.
> If this seems reasonable, would you mind giving it a test run to
> ensure I have not broken anything? tia..
I gave it a spin on my RHEL6 VM and everything still works.
Compiling with HAVE_SET_ALLOWABLE_ENCTYPES undefined produces a gssd
that bails as intended:
[root@rhel6 gssd]# ./gssd -vvv -f -l
gssd: Setting encryption type not support by Kerberos libraries.
Thanks,
--
Michael Weiser science + computing ag
Senior Systems Engineer Geschaeftsstelle Duesseldorf
Martinstrasse 47-55, Haus A
phone: +49 211 302 708 32 D-40223 Duesseldorf
fax: +49 211 302 708 50 www.science-computing.de
--
Vorstandsvorsitzender/Chairman of the board of management:
Gerd-Lothar Leonhart
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Michael Heinrichs,
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
