URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code

simo5 commented:
Mi last push fixes the deadlock and another problem in ipalib/krb_utils.py

I haven't figured out exactly what happens in change_password, I see from logs 
sent from @martbab that the kinit as the user alice is performed, but apache 
see only admin connections.

I suspect that the issue is in ipalib/rpc.py in create_connection, where 
apply_session_cookie() is called, but can't be sure.
I need a way to repro these tests locally to confirm.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to