[Freeipa-devel] kpasswd and minor fixes
Rob Crittenden
rcritten at redhat.com
Thu Aug 9 20:10:42 UTC 2007
Simo Sorce wrote:
> Attached my latest work in creating a kpasswd daemon that proxies
> password changes to ldap.
> This makes it possible to completely handle password changes with the
> pwd-extop plugin and always use the same codepath.
>
> As I have been traveling the local commit queue grew and part of this
> stuff happened before the directory reorg ...
>
> Patches depend one on top of each other from lower number to higher, I
> omitted any changeset that has already been committed.
>
> Simo.
>
Ignoring freeipa33 and 35...

The freeipa36 patch is a little odd. It removes a bunch of code then
re-adds it?

In any case, as a general note I think we need to autoconf-enable all of
IPA but it currently defaults to installing in /usr as the prefix. This
patch puts things into /usr/local. So I guess it should go into /usr as
well for the time being.

We'll need to update the RPM spec file to add a BuildRequires on
kerberos and openldap (unless we want to link with mozldap).

Should the IPA installer generate the keytab in
FILE:/var/kerberos/krb5kdc/kpasswd.keytab?

The realm name is hardcoded into the source. Can this be a cmd-line or
config file option? Ideally it would be read out of /etc/ipa/ipa.conf.

Is kpasswd a daemon? Should it use syslog for logging?

How many concurrent connections at a time do we expect for this service?
Should we use poll() instead of select()?

The return value of ldap_pwd_change() is unused. How do we know the
change was successful?

There are places where result_err is set but this will never get into
kpreply: to actually use the result and return something, I presume to
the kerberos client. Instead it goes to done: and frees the connection.

There are cases where the daemon will exit with an error. Are these
really unrecoverable?

I don't know kerberos internals so can't really comment on much of the code.

rob