[Freeipa-devel] [PATCH 0065] Use private ccache in ipa-server-install
Tomas Babej
tbabej at redhat.com
Wed Jun 5 11:23:16 UTC 2013
On 06/04/2013 01:29 PM, Tomas Babej wrote:
> On 06/03/2013 02:58 PM, Martin Kosek wrote:
>> On 06/03/2013 02:43 PM, Tomas Babej wrote:
>>> Hi,
>>>
>>> this patch fixes the installation problems on master on F19 with
>>> krb5 packages
>>>> = 1.11.2-6
>>> https://fedorahosted.org/freeipa/ticket/3666
>>>
>>> Tomas
>> 1) Leaving cache_desc open:
>>
>> + (cache_desc, cache_path) = tempfile.mkstemp(prefix='krbcc')
>> + os.environ['KRB5CCNAME'] = cache_path
>>
>> Why do we keep the descriptor open and close it at the and of the
>> installation?
>> Can we close it right after tempfile.mkstemp? I think we do it this
>> way in
>> other places in installation.
>>
>> 2) What about other installers where we handle Kerberos auth, like
>> ipa-{replica,dns,ca}-install?
>>
>> A common function, other shared means, of handling KRB5CCNAME may be
>> appropriate to avoid duplicating code too much.
>>
>> Martin
> I moved the code responsible to PrivateCCache class, both for
> readability and conciseness.
>
> Private ccache now used in replica,dns and ca the installers. I
> managed to reproduce the error only with
> dns-install though(fails on adding the service principal), but having
> a private ccache for the installer should not hurt.
>
> Ipa-adtrust-install requires the admin ticket, so there shouldn't be
> an issue.
My reasoning was flawed here, ipa-adtrust-install attempts to re-kinit
admin ticket, so it needs the private ccache as well.
Sending one-liner fix.
Tomas
>
> Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0066-Use-private-ccache-in-ipa-adtrust-install.patch
Type: text/x-patch
Size: 1124 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130605/643aad09/attachment.bin>
More information about the Freeipa-devel
mailing list