On 06/04/2013 01:29 PM, Tomas Babej wrote:
On 06/03/2013 02:58 PM, Martin Kosek wrote:
I moved the code responsible to PrivateCCache class, both for
readability and conciseness.
On 06/03/2013 02:43 PM, Tomas Babej wrote:
this patch fixes the installation problems on master on F19 with
1) Leaving cache_desc open:
+ (cache_desc, cache_path) = tempfile.mkstemp(prefix='krbcc')
+ os.environ['KRB5CCNAME'] = cache_path
Why do we keep the descriptor open and close it at the and of the
Can we close it right after tempfile.mkstemp? I think we do it this
other places in installation.
2) What about other installers where we handle Kerberos auth, like
A common function, other shared means, of handling KRB5CCNAME may be
appropriate to avoid duplicating code too much.
Private ccache now used in replica,dns and ca the installers. I
managed to reproduce the error only with
dns-install though(fails on adding the service principal), but having
a private ccache for the installer should not hurt.
Ipa-adtrust-install requires the admin ticket, so there shouldn't be
My reasoning was flawed here, ipa-adtrust-install attempts to re-kinit
admin ticket, so it needs the private ccache as well.
Sending one-liner fix.
From 0177d6a7f14b87f42647376001e6ac580ca38e57 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 5 Jun 2013 13:17:19 +0200
Subject: [PATCH] Use private ccache in ipa-adtrust-install
The ipa-adtrust-install script attempts to automatically re-kinit
admin user ticket, hence it needs private ccache or the usage
of the ipa-adtrust-install with sudo/su will fail.
install/tools/ipa-adtrust-install | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 5744c6f67aee5f55877d7ef1691e98dfdb8d8718..09831617de7daf03e876897eef1d99d9a1a4a8c6 100755
@@ -405,5 +405,6 @@ information"""
if __name__ == '__main__':
- run_script(main, log_file_name=log_file_name,
+ with private_ccache():
+ run_script(main, log_file_name=log_file_name,
Freeipa-devel mailing list