On Fri, 2011-07-01 at 11:40 -0400, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > Rob Crittenden wrote:
> >> Don't set krbLastPwdChange when setting a host OTP password.
> >> We have no visibility into whether an entry has a keytab or not so
> >> krbLastPwdChange is used as a rough guide.
> >> If this value exists during enrollment then it fails because the host is
> >> considered already joined. This was getting set when a OTP was added to
> >> a host that had already been enrolled (e.g. you enroll a host, unenroll
> >> it, set a OTP, then try to re-enroll). The second enrollment was failing
> >> because the enrollment plugin thought it was still enrolled becaused
> >> krbLastPwdChange was set.
> >> https://fedorahosted.org/freeipa/ticket/1357
> >> rob
> > self-nack, found a corner case.
> Updated patch.
ACK. Works as advertised, no problem found.
Freeipa-devel mailing list