URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code

HonzaCholasta commented:
@simo5, I don't think this is the correct approach. Rather than deleting 
`context.session_cookie` in `RPCClient.destroy_connection()` when requested, it 
should be done automatically in `RPCClient.create_connection()` when the 
principal name in the ccache is different from the principal name of the cookie.

Also, IMHO it would be preferable to keep the changes in `ipatest/util.py` in a 
separate commit and not mix them with the generic changes not related only to 
tests in `ipalib/rpc.py`.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to