Title: #314: RFC: privilege separation for ipa framework code
Mi last push fixes the deadlock and another problem in ipalib/krb_utils.py
I haven't figured out exactly what happens in change_password, I see from logs
sent from @martbab that the kinit as the user alice is performed, but apache
see only admin connections.
I suspect that the issue is in ipalib/rpc.py in create_connection, where
apply_session_cookie() is called, but can't be sure.
I need a way to repro these tests locally to confirm.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code