[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "fixing" syncrepl with GSSAPI (MIT kerberos)

Am Mittwoch 23 Juni 2010, 05:39:06 schrieb Quanah Gibson-Mount:
> --On Tuesday, June 22, 2010 8:38 PM -0700 Quanah Gibson-Mount
> <quanah@zimbra.com> wrote:
> > --On Tuesday, June 22, 2010 4:27 PM +0200 Ralf Haferkamp
> > <rhafer@suse.de>
> > 
> > wrote:
> >> Did I overlook something? Would anybody object if I'd commit the
> >> required changes?
> > 
> > Shouldn't they just use the TCP/IP timeout code introduced in
> > 2.4.22?
> Never mind, that's for keep alive... :P
> If MIT's changing, it seems somewhat silly to me to change the code
> now.
The change hasn't been released yet. I guess it'll still take some time 
until it is. To me the change in slapd seems to make sense anyway as it 
seems be the correct way to react when packages couldn't be send to the 
consumer (There might be other situations where that happens, apart from 
the SASL/(MIT-)GSSAPI case. This one is just the easiest to reproduce). 
as the connection is already prepared for being closed, just the last 
step is missing.
> In any case, it's never been difficult to simply build OpenLDAP
> against Heimdal libs, regardless if MIT is used or not.
Yes, I know. Let's just say that for non-technical reasons we currently 
need to use MIT Kerberos.