On 03/29/2013 01:48 PM, Jan Cholasta wrote:
> On 29.3.2013 12:46, Martin Kosek wrote:
>> 1) This causes an error in the test suite:
>>
>> ======================================================================
>> FAIL: test_service[23]: service_mod: Enable
>> u'HTTP/testhost1.idm.lab.bos.redhat....@idm.lab.bos.redhat.com' 
>> OK_AS_DELEGATE
>> Kerberos ticket flag
>> ----------------------------------------------------------------------
>> Traceback (most recent call last):
>>    File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest
>>      self.test(*self.arg)
>>    File "/root/freeipa-master/tests/test_xmlrpc/xmlrpc_test.py", line 267, in
>> <lambda>
>>      func = lambda: self.check(nice, **test)
>>    File "/root/freeipa-master/tests/test_xmlrpc/xmlrpc_test.py", line 285, in
>> check
>>      self.check_output(nice, cmd, args, options, expected, extra_check)
>>    File "/root/freeipa-master/tests/test_xmlrpc/xmlrpc_test.py", line 323, in
>> check_output
>>      assert_deepequal(expected, got, nice)
>>    File "/root/freeipa-master/tests/util.py", line 335, in assert_deepequal
>>      assert_deepequal(e_sub, g_sub, doc, stack + (key,))
>>    File "/root/freeipa-master/tests/util.py", line 335, in assert_deepequal
>>      assert_deepequal(e_sub, g_sub, doc, stack + (key,))
>>    File "/root/freeipa-master/tests/util.py", line 323, in assert_deepequal
>>      assert_deepequal(e_sub, g_sub, doc, stack + (i,))
>>    File "/root/freeipa-master/tests/util.py", line 343, in assert_deepequal
>>      VALUE % (doc, expected, got, stack)
>> AssertionError: assert_deepequal: expected != got.
>>    test_service[23]: service_mod: Enable
>> u'HTTP/testhost1.idm.lab.bos.redhat....@idm.lab.bos.redhat.com' 
>> OK_AS_DELEGATE
>> Kerberos ticket flag
>>    expected = u'1048576'
>>    got = u'1048704'
>>    path = ('result', 'krbticketflags', 0)
>>
> 
> Fixed.
> 
>> ----------------------------------------------------------------------
>>
>> 2) Since we add REQUIRES_PRE_AUTH flag by default, shouldn't we then also add
>> --requires-pre-auth flag as I wrote above so that admin can get rid of this
>> flag if he chooses to?
> 
> Added.
> 
> Updated patch attached.
> 
> Honza
> 

I discussed this approach also with Simo and current state should be OK since
we manipulate krbticketflags only for hosts and services. When we add these
options also for users, we need to add big fat warning that pre_auth flag is
required for users in order work correctly.

ACK. Pushed to master.

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to