[freeipa-mkosek-388-use-temporary-ccache-in-ipa-client-install.patch]:
ipa-client-install failed if user had set his own KRB5CCNAME in his
environment. Use a temporary CCACHE for the installer to avoid these
kind of errors.
[freeipa-mkosek-389-improve-client-install-ldap-cert-retrieval-fallback.patch]:
CA certificate retrieval function did not fallback from LDAP to
HTTP based retrieval in case of an LDAP error, when for example
GSSAPI authentication failed.
-
Sending Fedora 18 client installation fixes as per
https://bugzilla.redhat.com/show_bug.cgi?id=920716#c10
Martin
From d837418d9424938823a9793ce72de742967bbfd5 Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date: Thu, 14 Mar 2013 14:33:56 +0100
Subject: [PATCH 1/2] Use temporary CCACHE in ipa-client-install
ipa-client-install failed if user had set his own KRB5CCNAME in his
environment. Use a temporary CCACHE for the installer to avoid these
kind of errors.
https://fedorahosted.org/freeipa/ticket/3512
---
ipa-client/ipa-install/ipa-client-install | 7 +++
1 file changed, 7 insertions(+)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index d9e1b7e786466ba11fb8fd1d00a72904dfcc0005..fc8b6c85598a6d5b8d7ff3d53dd4db6d9b001b51 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1979,6 +1979,9 @@ def install(options, env, fstore, statestore):
root_logger.error(Test kerberos configuration failed)
return CLIENT_INSTALL_ERROR
env['KRB5_CONFIG'] = krb_name
+(ccache_fd, ccache_name) = tempfile.mkstemp()
+os.close(ccache_fd)
+env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = ccache_name
join_args = [/usr/sbin/ipa-join, -s, cli_server[0], -b, str(realm_to_suffix(cli_realm))]
if options.debug:
join_args.append(-d)
@@ -2114,6 +2117,10 @@ def install(options, env, fstore, statestore):
except OSError:
root_logger.error(Could not remove %s, krb_name)
try:
+os.remove(ccache_name)
+except OSError:
+pass
+try:
os.remove(krb_name + .ipabkp)
except OSError:
root_logger.error(Could not remove %s.ipabkp, krb_name)
--
1.8.1.4
From 429b5390e1e75be400ccb7aaa3e2ed4b72b359e2 Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date: Thu, 14 Mar 2013 14:36:39 +0100
Subject: [PATCH 2/2] Improve client install LDAP cert retrieval fallback
CA certificate retrieval function did not fallback from LDAP to
HTTP based retrieval in case of an LDAP error, when for example
GSSAPI authentication failed.
https://fedorahosted.org/freeipa/ticket/3512
---
ipa-client/ipa-install/ipa-client-install | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index fc8b6c85598a6d5b8d7ff3d53dd4db6d9b001b51..f1b2c1887a1f393c4ac6ca004deee80ff52b2ca7 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1624,7 +1624,7 @@ def get_ca_cert(fstore, options, server, basedn):
except Exception, e:
os.unlink(ca_file)
raise
-except errors.NoCertificateError, e:
+except (errors.NoCertificateError, errors.LDAPError), e:
root_logger.debug(str(e))
url = http_url()
if existing_ca_cert:
--
1.8.1.4
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel