[Freeipa-devel] [PATCH] 0034 Improve handling of options in ipa-client-install

Rob Crittenden rcritten at redhat.com
Thu Jun 6 13:49:50 UTC 2013


Jan Pazdziora wrote:
> On Wed, Jun 05, 2013 at 04:14:36PM +0200, Ana Krivokapic wrote:
>> Hello,
>>
>> The attached patch should improve handling of client re-enrollment
>> related options of ipa-client-install.
>>
>> https://fedorahosted.org/freeipa/ticket/3686
>
> [...]
>
>>
>> +    if options.keytab and options.principal:
>> +        root_logger.error("Options 'principal' and 'keytab' cannot be used "
>> +                          "together.")
>> +        return CLIENT_INSTALL_ERROR
>> +
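Review bot: The check at `if options.keytab and options.principal:` rejects the combination with no comment explaining why the two options are mutually exclusive, and the error text does not tell the user which one to drop. A one-line comment above the `if` stating the reason would help the next reader, and the message could name the options as they are typed on the command line (`--principal`, `--keytab`) and say that a keytab is used on its own. The restriction should also appear in the option help text so it is discoverable before the installer fails with CLIENT_INSTALL_ERROR.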
>
> I know that this check only explains what happens later in the code
> but isn't using custom principal _plus_ a keytab for that principal
> a valid combination? Right now, it's either principal + password, or
> keytab and from that keytab a specific host/* principal. Can't it be
> principal + keytab?
>

You do raise an interesting point. I think the assumption is that there 
is only one principal in the keytab.

rob



