[Freeipa-devel] [PATCH] 810 fix re-enrolling a host with a OTP

Rob Crittenden rcritten at redhat.com
Tue Jul 19 14:34:41 UTC 2011


Martin Kosek wrote:
> On Fri, 2011-07-01 at 11:40 -0400, Rob Crittenden wrote:
>> Rob Crittenden wrote:
>>> Rob Crittenden wrote:
>>>> Don't set krbLastPwdChange when setting a host OTP password.
>>>>
>>>> We have no visibility into whether an entry has a keytab or not so
>>>> krbLastPwdChange is used as a rough guide.
>>>>
>>>> If this value exists during enrollment then it fails because the host is
>>>> considered already joined. This was getting set when a OTP was added to
>>>> a host that had already been enrolled (e.g. you enroll a host, unenroll
>>>> it, set a OTP, then try to re-enroll). The second enrollment was failing
>>>> because the enrollment plugin thought it was still enrolled because
>>>> krbLastPwdChange was set.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/1357
>>>>
>>>> rob
>>>
>>> self-nack, found a corner case.
>>
>> Updated patch.
>>
>> rob
>
> ACK. Works as advertised, no problem found.
>
> Martin
>

pushed to master and ipa-2-0



