[Freeipa-devel] [PATCH] [WIP] 108 Fix client enrollment
Martin Kosek
mkosek at redhat.com
Thu Aug 11 11:59:18 UTC 2011
On Thu, 2011-08-11 at 13:07 +0300, Alexander Bokovoy wrote:
> On 11.08.2011 12:19, Martin Kosek wrote:
> > This is a first shot for client enrollment fix. I had to pull the new
> > version of xmlrpc-c from koji as it is not in updates-testing repo yet:
> >
> > http://koji.fedoraproject.org/koji/buildinfo?buildID=257947
> >
> > Fixed curl package is already in stable repos.
> >
> > Unfortunately, it seems that credentials are not delegated yet. I still
> > get "did not receive Kerberos credentials" error from the server. Any
> > idea what went wrong? Adding xmlrpc-c maintainer on CC.
>
> Looking at ipa-join.c patch, I noticed one thing:
> > diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
> > index 95f2939cd9812d70aab6d29fb526ac9eb7b5479d..23af923e9d3ae1c466ffa19ea5f2aaac89ebec37 100644
> > --- a/ipa-client/ipa-join.c
> > +++ b/ipa-client/ipa-join.c
> > @@ -149,6 +149,8 @@ callRPC(xmlrpc_env * const envP,
> > curlXportParmsP->no_ssl_verifypeer = 1;
> > curlXportParmsP->no_ssl_verifyhost = 1;
> > curlXportParmsP->cainfo = "/etc/ipa/ca.crt";
> > + /* Enable GSSAPI credentials delegation */
> > + curlXportParmsP->gssapi_delegation = 1;
> >
> > clientparms.transport = "curl";
> > clientparms.transportparmsP = (struct xmlrpc_xportparms *)
>
> I think you also need to bump XMLRPC_CXPSIZE() to gssapi_delegation:
>
> diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
> index 95f2939..f6ca693 100644
> --- a/ipa-client/ipa-join.c
> +++ b/ipa-client/ipa-join.c
> @@ -149,11 +149,13 @@ callRPC(xmlrpc_env * const envP,
> curlXportParmsP->no_ssl_verifypeer = 1;
> curlXportParmsP->no_ssl_verifyhost = 1;
> curlXportParmsP->cainfo = "/etc/ipa/ca.crt";
> + /* Enable GSSAPI credentials delegation */
> + curlXportParmsP->gssapi_delegation = 1;
>
> clientparms.transport = "curl";
> clientparms.transportparmsP = (struct xmlrpc_xportparms *)
> curlXportParmsP;
> - clientparms.transportparm_size = XMLRPC_CXPSIZE(cainfo);
> + clientparms.transportparm_size = XMLRPC_CXPSIZE(gssapi_delegation);
> xmlrpc_client_create(envP, XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION,
> &clientparms, sizeof(clientparms),
> &clientP);
>
Thanks, that was the problem. I wonder how I missed it. Attaching the
updated patch, client enrollment on F-15 works.
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-108-2-fix-client-enrollment.patch
Type: text/x-patch
Size: 3065 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110811/c9db30c3/attachment.bin>
More information about the Freeipa-devel
mailing list