Title: #314: RFC: privilege separation for ipa framework code
@simo5, I don't think this is the correct approach. Rather than deleting
`context.session_cookie` in `RPCClient.destroy_connection()` when requested, it
should be done automatically in `RPCClient.create_connection()` when the
principal name in the ccache is different from the principal name of the cookie.
Also, IMHO it would be preferable to keep the changes in `ipatest/util.py` in a
separate commit and not mix them with the generic changes not related only to
tests in `ipalib/rpc.py`.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code