[Freeipa-devel] [PATCH 0002] Port from python-krbV to python-gssapi
Robbie Harwood
rharwood at redhat.com
Mon Aug 24 18:29:18 UTC 2015
Michael Šimáček <msimacek at redhat.com> writes:
> On 2015-08-24 17:49, Simo Sorce wrote:
>
>> On Mon, 2015-08-24 at 17:18 +0200, Michael Šimáček wrote:
>>
>>> On 2015-08-24 14:50, Jan Cholasta wrote:
>>>
>>>> On 23.8.2015 23:27, Michael Šimáček wrote:
>>>>
>>>> 3) ipa-adtrust-install fails with:
>>>>
>>>> admin password:
>>>>
>>>> Unrecognized error during check of admin rights:
>>>> admin at abc.idm.lab.eng.brq.redhat.com: user not found
>>>>
>>>> Apparently there is a "user-show admin at abc.idm.lab.eng.brq.redhat.com"
>>>> call where a "user-show admin" call should be.
>>>
>>> Fixed. python-gssapi has a display_as method that could pull the name
>>> from it, but it doesn't work in current version, therefore using
>>> partition to split on '@'
It's actually a bug in MIT Krb5, as we noted in your bug[0]. So this:
> - user = api.Command.user_show(unicode(principal[0]))['result']
> + user = api.Command.user_show(principal.partition('@')[0])['result']
is working around a bug in specific Kerberos versions. If people are
okay with merging such code, then I guess this is fine; I would
personally not do so because there is not a clear point at which it can
be removed. At the very least, we should wait until we see what
versions of krb5 MIT is going to fix.
Otherwise, looks good.
[0]: https://github.com/pythongssapi/python-gssapi/issues/79
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150824/c61d5135/attachment.sig>
More information about the Freeipa-devel
mailing list