On 03/06/2015 02:08 PM, Jan Cholasta wrote:
Dne 6.3.2015 v 13:05 Martin Babinsky napsal(a):
This series of patches for the master/4.1 branch attempts to implement
some of the Rob's and Petr Vobornik's ideas which originated from a
discussion on this list regarding my original patch fixing
I suppose that these patches are just a first iteration, we may further
discuss if this is the right thing to do.
Below is a quote from the original discussion just to get the context:
1) Why 5 patches for 2 changes (kinit_hostprincipal instead of exec
kinit, ipa-client-install --kinit-attempts)?
Will squish them to a smaller number (2-3)
2) IMO a for loop would be better than an infinite while loop:
for attempt in range(attempts):
except krbV.Krb5Error as e:
# kinit failed
# max attempts reached
That's true. Infinite loops are tad scary anyway.
According to Petr Vobornik (see his reply), the user is limited mostly
to FILE ccache type, so I don't know if it will make sense to support
also other types.
3) I think it would be nice to support ccache types other than FILE.
Dumb me didn't realize that 'ccache_file' is a reference to an actual
filesystem path and that the filename can be set dynamically depending
on path type (directory vs. file).
4) I would prefer if you kept using the full ccache name returned from
kinit_hostprincipal when connecting to LDAP.
5) Given that the ccache path usually ends with "/ccache", I would
retain the old way of calling kinit_hostprincipal. You can do something
like this to support all of the above:
def kinit_hostprincipal(keytab, ccache_file, principal, attempts=1):
ccache_file = os.path.join(ccache_file, 'ccache')
(You don't need to prepend "FILE:", as it is the default ccache type.)
Thank you for your comments. Will update the patches accordingly.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code