On 16.3.2015 17:20, Martin Babinsky wrote: > On 03/16/2015 01:35 PM, Jan Cholasta wrote: >> Dne 16.3.2015 v 13:30 Martin Babinsky napsal(a): >>> On 03/16/2015 12:15 PM, Martin Kosek wrote: >>>> On 03/13/2015 05:37 PM, Martin Babinsky wrote: >>>>> Attaching the next iteration of patches.
Very good! I hopefully have last two nitpicks :-) See below. > diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py > index > 4116d974e620341119b56fad3cff1bda48af3bab..cd03e9fd17b60b8b7324d0ccd436a10f7556baf0 > 100644 > --- a/ipapython/ipautil.py > +++ b/ipapython/ipautil.py > @@ -1175,27 +1175,61 @@ def wait_for_open_socket(socket_name, timeout=0): > else: > raise e > > -def kinit_hostprincipal(keytab, ccachedir, principal): > + > +def kinit_keytab(keytab, ccache_path, principal, attempts=1): > """ > - Given a ccache directory and a principal kinit as that user. > + Given a ccache_path , keytab file and a principal kinit as that user. > + > + The optional parameter 'attempts' specifies how many times the credential > + initialization should be attempted before giving up and raising > + StandardError. > > This blindly overwrites the current CCNAME so if you need to save > it do so before calling this function. > > + This function is also not thread-safe since it modifies environment > + variables. > + > Thus far this is used to kinit as the local host. This note can be deleted because it is used elsewhere too. > """ > - try: > - ccache_file = 'FILE:%s/ccache' % ccachedir > - krbcontext = krbV.default_context() > - ktab = krbV.Keytab(name=keytab, context=krbcontext) > - princ = krbV.Principal(name=principal, context=krbcontext) > - os.environ['KRB5CCNAME'] = ccache_file > - ccache = krbV.CCache(name=ccache_file, context=krbcontext, > primary_principal=princ) > - ccache.init(princ) > - ccache.init_creds_keytab(keytab=ktab, principal=princ) > - return ccache_file > - except krbV.Krb5Error, e: > - raise StandardError('Error initializing principal %s in %s: %s' % > (principal, keytab, str(e))) > + root_logger.debug("Initializing principal %s using keytab %s" > + % (principal, keytab)) I'm sorry for nitpicking but it would be nice to log ccache_file too. Krb5 libs return quite weird errors when CC cache is not accessible so it helps to have the path at hand. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code