On Fri, Sep 25, 2015 at 10:09:55AM +0300, Alexander Bokovoy wrote:
> >
> >Well, we have a separate daemon listening on the
> >/var/run/krb5kdc/DEFAULT.socket in the container which should start
> >the ipa-otpd@.service when there's a connection made to it. But
> >somehow it does not seem to be happening even if I fix the parsing of
> >/etc/ipa/default.conf that ipa-otpd@.service is doing.
> As I wrote earlier, ipa-otpd relies on the socket activation feature of
> systemd -- systemd opens this socket and listens for incoming
> connections. Any incoming connection causes systemd to start the ipa-otpd
> daemon and connect its stdin/stdout to the socket's client.

And in the container there is no systemd so I emulate it there by just
running a separate daemon listening on that socket which will fork
that ipa-otpd daemon.

> >What is the simplest way to trigger the connection to
> >/var/run/krb5kdc/DEFAULT.socket, for debugging purposes?
> Use socat. Something like
> socat UNIX-LISTEN:/var/run/krb5kdc/DEFAULT.socket,unlink-early,fork EXEC:/usr/libexec/ipa-otpd

I meant, how do I cause the IPA stack (KDC?) to make the connection
and communication with the ipa-otpd daemon?

Also, does the Sync OTP Token operation invoke the ipa-otpd daemon
path (so if Duncan managed to sync the token, it worked for him at
least once) in any way or does it bypass it?

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
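
The arrangement discussed in this thread (a listener on the UNIX socket that starts one handler per connection with its stdin/stdout attached to the client, as systemd socket activation or the quoted socat line does), as an added Python example that is not code from the thread or from FreeIPA. The socket mode, the temporary socket path and the upper-casing stand-in handler (used here in place of ipa-otpd) are assumptions.

```python
import os, socket, subprocess, sys, tempfile, threading

def make_listener(path):
    """Bind the UNIX stream socket that systemd would otherwise own."""
    try:
        os.unlink(path)            # stale socket from a previous run (socat: unlink-early)
    except FileNotFoundError:
        pass
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o077)          # assumption: owner-only; use the mode your setup needs
    try:
        srv.bind(path)
    finally:
        os.umask(old)
    srv.listen(8)
    return srv

def serve(srv, argv, max_conns=None):
    """Start one child per accepted connection, stdin/stdout wired to the client."""
    served, children = 0, []
    while max_conns is None or served < max_conns:
        conn, _ = srv.accept()
        with conn:                 # the child keeps its own duplicate of the descriptor
            fd = conn.fileno()
            children.append(subprocess.Popen(argv, stdin=fd, stdout=fd))
        served += 1
        children = [c for c in children if c.poll() is None]  # reap finished handlers
    for c in children:
        c.wait()
    return served

def roundtrip(payload):
    """Constructed demo: send payload through a stand-in handler that upper-cases it."""
    handler = [sys.executable, "-c",
               "import sys; sys.stdout.buffer.write(sys.stdin.buffer.read().upper())"]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "DEFAULT.socket")   # hypothetical path for the demo
        srv = make_listener(path)
        t = threading.Thread(target=serve, args=(srv, handler, 1))
        t.start()
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
            c.connect(path)
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)             # EOF on the handler's stdin
            reply = b"".join(iter(lambda: c.recv(4096), b""))
        t.join()
        srv.close()
    return reply

if __name__ == "__main__":
    print(roundtrip(b"hello otpd"))
```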
