
[Freeipa-devel] [PATCH] Try to reacquire keytab file if host already joined



Hello fellow devs,

I have a proposed patch for ticket #2106
(https://fedorahosted.org/freeipa/ticket/2106)

If the return code of the ipa-join command is 13 (Host already joined), the
host will try to reacquire the keytab file.

Feedback appreciated!

Cheers,
Lars
From 96d58f994ea097d9e62c7aae831066e4a25b01a9 Mon Sep 17 00:00:00 2001
From: Lars Sjostrom <lars radicore se>
Date: Tue, 20 Mar 2012 12:48:07 +0100
Subject: [PATCH] Try to reacquire keytab file if host already joined

---
 ipa-client/ipa-install/ipa-client-install |   26 ++++++++++++++++++++++----
 1 files changed, 22 insertions(+), 4 deletions(-)
 mode change 100755 => 100644 ipa-client/ipa-install/ipa-client-install
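
Review bot: The mode change from 100755 to 100644 on ipa-client/ipa-install/ipa-client-install (also shown in the old mode/new mode headers below) drops the executable bit from the installer script. Nothing in the subject or description calls for that, so it looks accidental; please restore the mode before this is committed.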

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
old mode 100755
new mode 100644
index 75c6065..a2626b0
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1237,6 +1237,7 @@ def install(options, env, fstore, statestore):
 
     if not options.on_master:
         nolog = tuple()
+        password = None
         # First test out the kerberos configuration
         try:
             # Attempt to sync time with IPA server.
@@ -1297,9 +1298,10 @@ def install(options, env, fstore, statestore):
                     print stdout
                     return CLIENT_INSTALL_ERROR
             elif options.password:
-                nolog = (options.password,)
+                password = options.password
+                nolog = (password,)
                 join_args.append("-w")
-                join_args.append(options.password)
+                join_args.append(password)
             elif options.prompt_password:
                 if options.unattended:
                     print "Password must be provided in non-interactive mode"
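
Review bot: `password` is only assigned in the `options.password` branch of this hunk, while the `options.prompt_password` branch right below it is left untouched. If that branch collects a password interactively, the new variable stays None and the later reacquire step runs without -D/-w. Assign the prompted value to `password` there too, or add a comment stating that the retry is expected to rely on the credentials already in `env` in that case.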
@@ -1318,11 +1320,27 @@ def install(options, env, fstore, statestore):
             # Now join the domain
             (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env, nolog=nolog)
 
-            if returncode != 0:
+            if returncode == 13:
+                print "%s" % stderr       
+                print "Trying to reacquire keytab file"
+                getkeytab_args = ["/usr/sbin/ipa-getkeytab", "-s", cli_server, "-p", "host/%s" % hostname,
+                                  "-k", "/etc/krb5.keytab"]
+                if password:
+                    getkeytab_args.append("-D") 
+                    getkeytab_args.append(realm_to_suffix(cli_realm))
+                    getkeytab_args.append("-w")
+                    getkeytab_args.append(password)
+                (stdout, stderr, returncode) = run(getkeytab_args, raiseonerr=False, env=env, nolog=nolog)
+                if returncode != 0:
+                    print >>sys.stderr, "Re-acquiring of keytab file failed: %s" % stderr,
+                    if not options.force:
+                        return CLIENT_INSTALL_ERROR
+                else:
+                    print "Enrolled in IPA realm %s" % cli_realm 
+            elif returncode != 0:
                 print >>sys.stderr, "Joining realm failed: %s" % stderr,
                 if not options.force:
                     return CLIENT_INSTALL_ERROR
-                print "  Use ipa-getkeytab to obtain a host principal for this server."
             else:
                 print "Enrolled in IPA realm %s" % cli_realm
 
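Review bot: In the `returncode == 13` branch, -D is given `realm_to_suffix(cli_realm)`, which by its name is the directory suffix rather than the DN of an entry, so a simple bind with the join password is unlikely to succeed; please pass the DN the password actually belongs to, or explain in a comment why the suffix is correct here. The password is also placed on the ipa-getkeytab command line via -w; `nolog` keeps it out of the log, but it is worth confirming that this is acceptable for a second process as well. Two further points in the same branch: a failed reacquire with `options.force` set falls through and the install continues with no usable /etc/krb5.keytab and no hint for the admin, since the "Use ipa-getkeytab to obtain a host principal for this server." line was removed, so consider keeping that hint on the failure path. Smaller style items: `print "%s" % stderr` can be `print stderr`, and the added lines for that print, the "-D" append and the final "Enrolled in IPA realm" print carry trailing whitespace.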
-- 
1.7.7.6

