On 06/04/2013 01:29 PM, Tomas Babej wrote:
On 06/03/2013 02:58 PM, Martin Kosek wrote:
On 06/03/2013 02:43 PM, Tomas Babej wrote:
Hi,

this patch fixes the installation problems on master on F19 with krb5 packages
= 1.11.2-6
https://fedorahosted.org/freeipa/ticket/3666

Tomas
1) Leaving cache_desc open:

+        (cache_desc, cache_path) = tempfile.mkstemp(prefix='krbcc')
+        os.environ['KRB5CCNAME'] = cache_path

Why do we keep the descriptor open and close it at the and of the installation? Can we close it right after tempfile.mkstemp? I think we do it this way in
other places in installation.

2) What about other installers where we handle Kerberos auth, like
ipa-{replica,dns,ca}-install?

A common function, other shared means, of handling KRB5CCNAME may be
appropriate to avoid duplicating code too much.

Martin
I moved the code responsible to PrivateCCache class, both for readability and conciseness.

Private ccache now used in replica,dns and ca the installers. I managed to reproduce the error only with dns-install though(fails on adding the service principal), but having a private ccache for the installer should not hurt.

Ipa-adtrust-install requires the admin ticket, so there shouldn't be an issue.

My reasoning was flawed here, ipa-adtrust-install attempts to re-kinit admin ticket, so it needs the private ccache as well.

Sending one-liner fix.

Tomas


Tomas

From 0177d6a7f14b87f42647376001e6ac580ca38e57 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 5 Jun 2013 13:17:19 +0200
Subject: [PATCH] Use private ccache in ipa-adtrust-install

The ipa-adtrust-install script attempts to automatically re-kinit
admin user ticket, hence it needs private ccache or the usage
of the ipa-adtrust-install with sudo/su will fail.

https://fedorahosted.org/freeipa/ticket/3666
---
 install/tools/ipa-adtrust-install | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 5744c6f67aee5f55877d7ef1691e98dfdb8d8718..09831617de7daf03e876897eef1d99d9a1a4a8c6 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -405,5 +405,6 @@ information"""
     return 0
 
 if __name__ == '__main__':
-    run_script(main, log_file_name=log_file_name,
-            operation_name='ipa-adtrust-install')
+    with private_ccache():
+        run_script(main, log_file_name=log_file_name,
+                   operation_name='ipa-adtrust-install')
-- 
1.8.1.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to