URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented: """ While investigating the CI test failures, I stumbled upon another issue - two simultaneous login requests will deadlock httpd until it is restarted. This is how I did it: ```bash ( export KRB5CCNAME=$(mktemp) echo password | kinit admin curl https://$HOSTNAME/ipa/session/login_kerberos --cacert /etc/ipa/ca.crt --negotiate -u : -e https://$HOSTNAME/ipa/session/json -D - ) & ( export KRB5CCNAME=$(mktemp) echo password | kinit notadmin curl https://$HOSTNAME/ipa/session/login_kerberos --cacert /etc/ipa/ca.crt --negotiate -u : -e https://$HOSTNAME/ipa/session/json -D - ) ``` It is not reproducible on the master branch. """ See the full comment at https://github.com/freeipa/freeipa/pull/314#issuecomment-278611793
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code