Discussion:
[Freeipa-devel] [freeipa PR#547][opened] Use GSS-SPNEGO if connecting locally
simo5
2017-03-07 13:47:59 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/547
Author: simo5
Title: #547: Use GSS-SPNEGO if connecting locally
Action: opened

PR body:
"""
GSS-SPNEGO allows us to negotiate a SASL bind with less roundtrips
therefore use it when possible.

We only enable it for local connections for now because we only
recently fixed Cyrus SASL to do proper GSS-SPNEGO negotiation. This
change means a newer and an older version are not compatible.

Restricting ourselves to the local host prevents issues with
incompatible services, and it is ok for us as we are only really
looking for speedups for the local short-lived connections performed
by the framework. Most other clients have longer lived connections,
so peformance improvements there are not as important.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/547/head:pr547
git checkout pr547
simo5
2017-03-07 13:52:10 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/547
Author: simo5
Title: #547: Use GSS-SPNEGO if connecting locally
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/547/head:pr547
git checkout pr547
abbra
2017-03-07 14:30:57 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/547
Title: #547: Use GSS-SPNEGO if connecting locally

abbra commented:
"""
LGTM but I think we should also update Requires: in the spec file to use cyrus-sasl-2.1.26-29.fc26 or later.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/547#issuecomment-284736912
simo5
2017-03-07 14:52:06 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/547
Title: #547: Use GSS-SPNEGO if connecting locally

simo5 commented:
"""
We actually do not need to put a strong require, this patch will work regardless, but won't provide any performance advantage on older versions.

You will add a stronger require when the GC work is done, so we can defer to that point to add it.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/547#issuecomment-284743086
tomaskrizek
2017-03-07 16:36:37 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/547
Title: #547: Use GSS-SPNEGO if connecting locally

tomaskrizek commented:
"""
The patch works with both `cyrus-sasl-2.1.26-26.2.fc24` and `cyrus-sasl-2.1.26-29.fc26`.

Since the newer version is not a hard dependency, we can add it later on, as @simo5 suggested.

"""

See the full comment at https://github.com/freeipa/freeipa/pull/547#issuecomment-284776517
tomaskrizek
2017-03-07 16:36:42 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/547
Title: #547: Use GSS-SPNEGO if connecting locally

Label: +ack
tomaskrizek
2017-03-07 19:10:41 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/547
Title: #547: Use GSS-SPNEGO if connecting locally

tomaskrizek commented:
"""
master:

* adf8aabf10a57383aa6216625921503b83575757 Use GSS-SPNEGO if connecting locally
"""

See the full comment at https://github.com/freeipa/freeipa/pull/547#issuecomment-284824403
tomaskrizek
2017-03-07 19:10:44 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/547
Author: simo5
Title: #547: Use GSS-SPNEGO if connecting locally
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/547/head:pr547
git checkout pr547
tomaskrizek
2017-03-07 19:10:43 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/547
Title: #547: Use GSS-SPNEGO if connecting locally

Label: +pushed

Loading...