[17186] in Kerberos_V5_Development
Re: gss_pname_to_uid: is that the right interface
daemon@ATHENA.MIT.EDU (Nico Williams)
Tue Sep 20 17:11:48 2011
MIME-Version: 1.0
In-Reply-To: <tslvcsn6ntz.fsf@mit.edu>
Date: Tue, 20 Sep 2011 16:11:26 -0500
Message-ID: <CAK3OfOh=4uTPgVDfJuj+g6euwP6z_6A6g6iFRh=GHG136-R=Wg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Sam Hartman <hartmans@mit.edu>
Cc: lha@h5l.org, lukeh@padl.com, krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
I think this one's really just for compatibility with Solaris. I
agree that putting UIDs in any of these APIs is a bad idea, but I'm
not sure that the SSSD problem wouldn't exist for your proposed
variant. If the problem for SSSD is one of timing, why couldn't that
problem exist for *any* GSS version of krb5_aname_to_lname()?
Any timing issues w.r.t. SSSD should be documented by RedHat and/or
the mechanism implementor/vendor.
Nico
--
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
