Remove some additional instances of krbV from ipa-client
Make two krbV imports conditional. These aren't used during a client install so should cause no problems. Also fix the client installer to use the new env option in ipautil.run. We weren't getting the krb5 configuration set in the environment because we were overriding the environment to set the PATH. ticket 136 rob
>From 3e80e3d35109c5c10e60253d6381938bfb4d950b Mon Sep 17 00:00:00 2001 From: Rob Crittenden <[email protected]> Date: Fri, 10 Sep 2010 15:57:40 -0400 Subject: [PATCH] Remove some additional instances of krbV from ipa-client Make two krbV imports conditional. These aren't used during a client install so should cause no problems. Also fix the client installer to use the new env option in ipautil.run. We weren't getting the krb5 configuration set in the environment because we were overriding the environment to set the PATH. ticket 136 --- ipa-client/ipa-install/ipa-client-install | 10 +++++----- ipalib/util.py | 5 ++++- ipapython/config.py | 10 +++++++--- 3 files changed, 16 insertions(+), 9 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index d8ce5c9..cf002d3 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -490,6 +490,7 @@ def main(): options = parse_options() logging_setup(options) dnsok = True + env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"} global fstore fstore = sysrestore.FileStore('/var/lib/ipa-client/sysrestore') @@ -605,7 +606,7 @@ def main(): if configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, krb_name): print "Test kerberos configuration failed" return 1 - os.environ['KRB5_CONFIG'] = krb_name + env['KRB5_CONFIG'] = krb_name join_args = ["/usr/sbin/ipa-join", "-s", cli_server] if options.debug: join_args.append("-d") @@ -627,7 +628,7 @@ def main(): else: stdin = sys.stdin.readline() - (stderr, stdout, returncode) = run(["/usr/kerberos/bin/kinit", principal], raiseonerr=False, stdin=stdin) + (stderr, stdout, returncode) = run(["kinit", principal], raiseonerr=False, stdin=stdin, env=env) print "" if returncode != 0: print stdout @@ -644,7 +645,7 @@ def main(): join_args.append(password) # Now join the domain - (stdout, stderr, returncode) = run(join_args, raiseonerr=False) + (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env) if returncode != 0: print "Joining realm failed: %s" % stderr, @@ -660,8 +661,7 @@ def main(): finally: if options.principal is not None: - (stderr, stdout, returncode) = run(["/usr/kerberos/bin/kdestroy"], raiseonerr=False) - del os.environ['KRB5_CONFIG'] + (stderr, stdout, returncode) = run(["kdestroy"], raiseonerr=False, env=env) os.remove(krb_name) os.remove(krb_name + ".ipabkp") diff --git a/ipalib/util.py b/ipalib/util.py index 4aff88f..6bd1da5 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -25,7 +25,6 @@ import os import imp import logging import time -import krbV import socket from types import NoneType @@ -49,7 +48,11 @@ def json_serialize(obj): def get_current_principal(): try: + # krbV isn't necessarily available on client machines, fail gracefully + import krbV return unicode(krbV.default_context().default_ccache().principal().name) + except ImportError: + raise RuntimeError('python-krbV is not available.') except krbV.Krb5Error: #TODO: do a kinit? raise errors.CCacheError() diff --git a/ipapython/config.py b/ipapython/config.py index f3532c4..12d916c 100644 --- a/ipapython/config.py +++ b/ipapython/config.py @@ -20,7 +20,6 @@ import ConfigParser from optparse import OptionParser, IndentedHelpFormatter -import krbV import socket import ipapython.dnsclient import re @@ -113,8 +112,13 @@ def __discover_config(discover_server = True): rl = 0 try: if not config.default_realm: - krbctx = krbV.default_context() - config.default_realm = krbctx.default_realm + try: + # only import krbV when we need it + import krbV + krbctx = krbV.default_context() + config.default_realm = krbctx.default_realm + except ImportError: + pass if not config.default_realm: return False -- 1.7.2.1
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
