fixes https://fedorahosted.org/freeipa/ticket/5528

--
Martin^3 Babinsky
From 1e6dcfe235b1c9e563dd0fd3408ef93008010a89 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Mon, 14 Dec 2015 14:28:41 +0100
Subject: [PATCH] ipa-client-install: create a temporary directory for ccache
 files

gssapi.Credentials instantiation in ipautil.kinit_keytab() raises 'Bad format
in credential cache' error when a name of an existing zero-length file is
passed as a ccache parameter. Use temporary directory instead and let GSSAPI
to create file-based ccache on demand.

https://fedorahosted.org/freeipa/ticket/5528
---
 ipa-client/ipa-install/ipa-client-install | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 9556cdec0fbb5b07984ebf39ee8d4cdd8e53ed97..e9a7d45c3f82a58f6297db7354eb784f6416db4b 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -2578,8 +2578,8 @@ def install(options, env, fstore, statestore):
                 root_logger.error("Test kerberos configuration failed")
                 return CLIENT_INSTALL_ERROR
             env['KRB5_CONFIG'] = krb_name
-            (ccache_fd, ccache_name) = tempfile.mkstemp()
-            os.close(ccache_fd)
+            ccache_dir = tempfile.mkdtemp(prefix='krbcc')
+            ccache_name = os.path.join(ccache_dir, 'ccache')
             join_args = [paths.SBIN_IPA_JOIN,
                          "-s", cli_server[0],
                          "-b", str(realm_to_suffix(cli_realm)),
@@ -2727,7 +2727,7 @@ def install(options, env, fstore, statestore):
             except OSError:
                 root_logger.error("Could not remove %s", krb_name)
             try:
-                os.remove(ccache_name)
+                os.rmdir(ccache_dir)
             except OSError:
                 pass
             try:
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to