
Re: Freeze exception for sssd?



[Russ Allbery]
> That's frustrating, but the current code is going to break for a
> bunch of other people and is also going directly against the
> intended purpose for the SRV records.

If the new autodetection does not work, the sites will be no worse off
than before, where the old static default configuration had to be
manually replaced after installation.

So the new version makes the package better for some sites, and leaves
the others in the same situation as they used to be in - having to
replace the config with their site's settings after installation.

This new version will work out of the box for more sites than before,
which was zero, but I know it will not work out of the box for all
sites, and accept that as it works for the sites I am involved in. :)

I would love to get it working for more sites, but suspect that will
have to wait for squeeze+1. :(

> It's not uncommon for specific hostnames to be grabbed by some other
> department or project for legacy reasons, and one of the primary
> purposes of SRV records is to be the canonical source of data so
> that people don't do the wrong thing with hostname guessing.

Did you test it at your site?  Did it work or fail for you?

> Maybe maintain a blacklist of specific sites that cannot use SRV
> records for whatever reason?

Not too keen on hardcoding site lists in the package, but am willing
to find ways to make the autodetection work better.  Please submit a
BTS report if it fails for you, and let's see if we can work out ways to
get the autodetection to work also for you. :)

> Incidentally, if /etc/krb5.conf exists, you probably want to look
> there for the Kerberos realm and KDCs, since that file overrides DNS
> for all Kerberos code and is most likely to be correct if it is
> present and contains the information you want.

Yes, I agree, but I ran out of time for such an adjustment of the
autodetection.  Sounds good, but perhaps for the next release.  It
could also look in /etc/ldap/ldap.conf for the LDAP settings. :)

Happy hacking,
-- 
Petter Reinholdtsen

