On 06/04/2013 01:29 PM, Tomas Babej wrote:
On 06/03/2013 02:58 PM, Martin Kosek wrote:
On 06/03/2013 02:43 PM, Tomas Babej wrote:
Hi,
this patch fixes the installation problems on master on F19 with
krb5 packages
= 1.11.2-6
https://fedorahosted.org/freeipa/ticket/3666
Tomas
1) Leaving cache_desc open:
+ (cache_desc, cache_path) = tempfile.mkstemp(prefix='krbcc')
+ os.environ['KRB5CCNAME'] = cache_path
Why do we keep the descriptor open and close it at the and of the
installation?
Can we close it right after tempfile.mkstemp? I think we do it this
way in
other places in installation.
2) What about other installers where we handle Kerberos auth, like
ipa-{replica,dns,ca}-install?
A common function, other shared means, of handling KRB5CCNAME may be
appropriate to avoid duplicating code too much.
Martin
I moved the code responsible to PrivateCCache class, both for
readability and conciseness.
Private ccache now used in replica,dns and ca the installers. I
managed to reproduce the error only with
dns-install though(fails on adding the service principal), but having
a private ccache for the installer should not hurt.
Ipa-adtrust-install requires the admin ticket, so there shouldn't be
an issue.
My reasoning was flawed here, ipa-adtrust-install attempts to re-kinit
admin ticket, so it needs the private ccache as well.
Sending one-liner fix.
Tomas
Tomas
From 0177d6a7f14b87f42647376001e6ac580ca38e57 Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Wed, 5 Jun 2013 13:17:19 +0200
Subject: [PATCH] Use private ccache in ipa-adtrust-install
The ipa-adtrust-install script attempts to automatically re-kinit
admin user ticket, hence it needs private ccache or the usage
of the ipa-adtrust-install with sudo/su will fail.
https://fedorahosted.org/freeipa/ticket/3666
---
install/tools/ipa-adtrust-install | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 5744c6f67aee5f55877d7ef1691e98dfdb8d8718..09831617de7daf03e876897eef1d99d9a1a4a8c6 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -405,5 +405,6 @@ information"""
return 0
if __name__ == '__main__':
- run_script(main, log_file_name=log_file_name,
- operation_name='ipa-adtrust-install')
+ with private_ccache():
+ run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-adtrust-install')
--
1.8.1.4
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
