On 11.08.2011 14:59, Martin Kosek wrote: > On Thu, 2011-08-11 at 13:07 +0300, Alexander Bokovoy wrote: >> On 11.08.2011 12:19, Martin Kosek wrote: >>> This is a first shot for client enrollment fix. I had to pull the new >>> version of xmlrpc-c from koji as it is not in updates-testing repo yet: >>> >>> http://koji.fedoraproject.org/koji/buildinfo?buildID=257947 >>> >>> Fixed curl package is already in stable repos. >>> >>> Unfortunately, it seems that credentials are not delegated yet. I still >>> get "did not receive Kerberos credentials" error from the server. Any >>> idea what went wrong? Adding xmlrpc-c maintainer on CC. >> >> Looking at ipa-join.c patch, I noticed one thing: >>> diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c >>> index >>> 95f2939cd9812d70aab6d29fb526ac9eb7b5479d..23af923e9d3ae1c466ffa19ea5f2aaac89ebec37 >>> 100644 >>> --- a/ipa-client/ipa-join.c >>> +++ b/ipa-client/ipa-join.c >>> @@ -149,6 +149,8 @@ callRPC(xmlrpc_env * const envP, >>> curlXportParmsP->no_ssl_verifypeer = 1; >>> curlXportParmsP->no_ssl_verifyhost = 1; >>> curlXportParmsP->cainfo = "/etc/ipa/ca.crt"; >>> + /* Enable GSSAPI credentials delegation */ >>> + curlXportParmsP->gssapi_delegation = 1; >>> >>> clientparms.transport = "curl"; >>> clientparms.transportparmsP = (struct xmlrpc_xportparms *) >> >> I think you also need to bump XMLRPC_CXPSIZE() to gssapi_delegation: >> >> diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c >> index 95f2939..f6ca693 100644 >> --- a/ipa-client/ipa-join.c >> +++ b/ipa-client/ipa-join.c >> @@ -149,11 +149,13 @@ callRPC(xmlrpc_env * const envP, >> curlXportParmsP->no_ssl_verifypeer = 1; >> curlXportParmsP->no_ssl_verifyhost = 1; >> curlXportParmsP->cainfo = "/etc/ipa/ca.crt"; >> + /* Enable GSSAPI credentials delegation */ >> + curlXportParmsP->gssapi_delegation = 1; >> >> clientparms.transport = "curl"; >> clientparms.transportparmsP = (struct xmlrpc_xportparms *) >> curlXportParmsP; >> - clientparms.transportparm_size = XMLRPC_CXPSIZE(cainfo); >> + clientparms.transportparm_size = XMLRPC_CXPSIZE(gssapi_delegation); >> xmlrpc_client_create(envP, XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION, >> &clientparms, sizeof(clientparms), >> &clientP); >> > > Thanks, that was the problem. I wonder how I missed it. Attaching the > updated patch, client enrollment on F-15 works. ACK. Should we wait until xmlrpc-c flies into F15 updates? -- / Alexander Bokovoy
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
