[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code
HonzaCholasta
freeipa-github-notification at redhat.com
Thu Feb 9 11:05:58 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
While investigating the CI test failures, I stumbled upon another issue - two simultaneous login requests will deadlock httpd until it is restarted. This is how I did it:
```bash
(
export KRB5CCNAME=$(mktemp)
echo password | kinit admin
curl https://$HOSTNAME/ipa/session/login_kerberos --cacert /etc/ipa/ca.crt --negotiate -u : -e https://$HOSTNAME/ipa/session/json -D -
) & (
export KRB5CCNAME=$(mktemp)
echo password | kinit notadmin
curl https://$HOSTNAME/ipa/session/login_kerberos --cacert /etc/ipa/ca.crt --negotiate -u : -e https://$HOSTNAME/ipa/session/json -D -
)
```
It is not reproducible on the master branch.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/314#issuecomment-278611793
More information about the Freeipa-devel
mailing list