[Freeipa-devel] [PATCH 0001] ipa-client-install: attempt to get host TGT several times before aborting client installation
Martin Babinsky
mbabinsk at redhat.com
Tue Mar 3 07:58:33 UTC 2015
On 03/02/2015 04:28 PM, Rob Crittenden wrote:
> Petr Vobornik wrote:
>>>>>>>> On 01/12/2015 05:45 PM, Martin Babinsky wrote:
>>>>>>>>> related to ticket https://fedorahosted.org/freeipa/ticket/4808
>>
>> this patch seems to be a bit forgotten.
>>
>> It works, looks fine.
>>
>> One minor issue: trailing whitespaces in the man page.
>>
>> I also wonder if it shouldn't be used in other tools which call kinit
>> with keytab:
>> * ipa-client-automount:434
>> * ipa-client-install:2591 (this usage should be fine since it's used for
>> server installation)
>> * dcerpc.py:545
>> * rpcserver.py: 971, 981 (armor for web ui forms base auth)
>>
>> Most importantly the ipa-client-automount because it's called from
>> ipa-client-install (if location is specified) and therefore it might
>> fail during client installation.
>>
>> Or also, kinit call with admin creadentials worked for the user but I
>> wonder if it was just a coincidence and may break under slightly
>> different but similar conditions.
>
> I think that's a fine idea. In fact there is already a function that
> could be extended, kinit_hostprincipal().
>
> rob
>
So in principle we could add multiple TGT retries to
"kinit_hostprincipal()" and then plug this function to all the places
Petr mentioned in order to provide this functionality each time TGT is
requested using keytab.
Do I understand it correctly?
--
Martin^3 Babinsky
More information about the Freeipa-devel
mailing list