On Fri, 2011-07-01 at 11:40 -0400, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > Rob Crittenden wrote:
> >> Don't set krbLastPwdChange when setting a host OTP password.
> >>
> >> We have no visibility into whether an entry has a keytab or not so
> >> krbLastPwdChange is used as a rough guide.
> >>
> >> If this value exists during enrollment then it fails because the host is
> >> considered already joined. This was getting set when a OTP was added to
> >> a host that had already been enrolled (e.g. you enroll a host, unenroll
> >> it, set a OTP, then try to re-enroll). The second enrollment was failing
> >> because the enrollment plugin thought it was still enrolled becaused
> >> krbLastPwdChange was set.
> >>
> >> https://fedorahosted.org/freeipa/ticket/1357
> >>
> >> rob
> >
> > self-nack, found a corner case.
> 
> Updated patch.
> 
> rob

ACK. Works as advertised, no problem found.

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to