On 03/02/2015 04:28 PM, Rob Crittenden wrote:
Petr Vobornik wrote:
On 01/12/2015 05:45 PM, Martin Babinsky wrote:
related to ticket https://fedorahosted.org/freeipa/ticket/4808

this patch seems to be a bit forgotten.

It works, looks fine.

One minor issue: trailing whitespaces in the man page.

I also wonder if it shouldn't be used in other tools which call kinit
with keytab:
* ipa-client-automount:434
* ipa-client-install:2591 (this usage should be fine since it's used for
server installation)
* dcerpc.py:545
* rpcserver.py: 971, 981 (armor for web ui forms base auth)

Most importantly the ipa-client-automount because it's called from
ipa-client-install (if location is specified) and therefore it might
fail during client installation.

Or also, kinit call with admin creadentials worked for the user but I
wonder if it was just a coincidence and may break under slightly
different but similar conditions.

I think that's a fine idea. In fact there is already a function that
could be extended, kinit_hostprincipal().


So in principle we could add multiple TGT retries to "kinit_hostprincipal()" and then plug this function to all the places Petr mentioned in order to provide this functionality each time TGT is requested using keytab.

Do I understand it correctly?

Martin^3 Babinsky

Freeipa-devel mailing list

Reply via email to