[Freeipa-devel] [PATCH] Try to reacquire keytab file if host already joined
Lars Sjöström
lars at radicore.se
Tue Mar 20 13:11:27 UTC 2012
Hi,
Understood! Would it be ok to add an optional flag then?
like --reacquire ?
like so:
# run only if force and reacquire is set
if options.force and options.reacquire:
# try to fetch keytab...
Cheers,
Lars
Den 20 mars 2012 13:44 skrev Simo Sorce <simo at redhat.com>:
> On Tue, 2012-03-20 at 13:00 +0100, Lars Sjöström wrote:
>> Hello fellow devs,
>>
>> I have a proposed patch for ticket #2106
>> (https://fedorahosted.org/freeipa/ticket/2106)
>>
>> if return code is 13 (Host already joined) of ipa-join command the
>> host will try to reacquire the keytab file.
>>
>> Feedback appreciated!
>
> Hi Lars, at the very least this should be conditional and be allowed
> only when an override flag is passed. The reason we punt here is that
> you may be trying to join a machine with the same name of an already
> joined and working machine by mistake.
> We do not want to void that other machine credentials unless the admin
> wants to force it.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
--
Lars Sjöström
Senior Consultant / Owner
Radicore AB
Mobile: +46 (0)703 021502
Email: lars at radicore.se
Web: http://www.radicore.se
More information about the Freeipa-devel
mailing list