GNOME Bugzilla – Bug 686416
kerberos: Discover and validate realm before use
Last modified: 2014-04-09 13:15:48 UTC
We should use realmd to canonicalize the realm name before using it in an identity. Provide feedback to the user whether its incorrect. This is much easier to do now that realmd is used from GoaKerberosProvider. See dependent bug. I'll attach a rough patch for this.
Created attachment 226780 [details] [review] kerberos: Discover and validate realm before use
The patch is untested.
*** Bug 686382 has been marked as a duplicate of this bug. ***
Works for me, but I did not test the patch against bug 686410 with a Samba server. By the way, why don't we populate the dropdown with available realms when the user clicks the + button? Right now, if I enter the wrong realm/domain (say: fubar.org) then it does not give me any hint as to what the valid realms are.
Review of attachment 226780 [details] [review]: commit message could be a little more descriptive. Here's what I came up with: GoaKerberosProvider now talks directly with realmd to get its list of available realms. Since it talks to realmd directly it now has an opportunity to validate what the user is typing, and e.g. map domains the user types into realms. This commit adds that additional discovery logic, rather than passing what the user types blindly to the identity service. Otherwise, patch seems to be okay as far as I can tell. I think we should consider reordering the entries so they're in the same order as the user accounts panel, but that's separate.
Attachment 226780 [details] pushed as 604354b - kerberos: Discover and validate realm before use
(for those not following IRC, comment 4 was addressed there. We do populate the drop down from realmd, but realmd could use better tricks for guessing available domains in cases the network isn't configured ideally)
Created attachment 226956 [details] [review] goaidentity: drop realm discovery/proxying from identity service The identity service currently proxies all realmd realms, and talks to realm to look up passed in realms. These features are no longer necessary now that goakerberos provider talks to realmd directly. This commit removes that code. https://bugzilla.gnome.org/show_bug.cgi?id=686416
A few unused variables were left behind. Reopening.
Created attachment 273889 [details] [review] identity: Remove unused variables
Comment on attachment 273889 [details] [review] identity: Remove unused variables Thanks for the review, Ray!