[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

HonzaCholasta Thu, 09 Feb 2017 03:07:41 -0800

  URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code


HonzaCholasta commented:
"""
While investigating the CI test failures, I stumbled upon another issue - two 
simultaneous login requests will deadlock httpd until it is restarted. This is 
how I did it:
```bash
(
    export KRB5CCNAME=$(mktemp)
    echo password | kinit admin
    curl https://$HOSTNAME/ipa/session/login_kerberos --cacert /etc/ipa/ca.crt 
--negotiate -u : -e https://$HOSTNAME/ipa/session/json -D -
) & (
    export KRB5CCNAME=$(mktemp)
    echo password | kinit notadmin
    curl https://$HOSTNAME/ipa/session/login_kerberos --cacert /etc/ipa/ca.crt 
--negotiate -u : -e https://$HOSTNAME/ipa/session/json -D -
)
```
It is not reproducible on the master branch.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/314#issuecomment-278611793

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

Reply via email to