On (12/09/17 15:45), Lukas Slebodnik wrote:
>ehlo,
>
>I realized that it might be better to discuss it here rather than in
>pull requests because it seems to be related to two different commits.
>
>I will describe a test case on master with already created replica on another
>host.
>* kinit as admin
>    // create user with dummy password
>* echo $dummypw | ipa user-add $login --first "$firstname" --last "$lastname" \
>                               --password
>
>    // adding sleep; I think that the first kinit hits the slave sometimes and the user is
>    // not replicated yet.
>* sleep 2
>* FirstKinitAs $login $dummypw $password
>
>FirstKinitAs is a bash function which changes the initial password,
>something like: echo -e "$password\n$newpassword\n$newpassword" | kinit -V $username
>
>Such a test works reliably with 1.15.3 and kinit always talks to the local master
>(I didn't try to remove sleep 2)
>
>
>But the situation changed a little bit with git master due to the following commits
>IPA: Only generate kdcinfo files on clients
>https://pagure.io/SSSD/sssd/c/a309525cc47da726461aec1f238165c17aade2a6

Jakub,
Could you explain what was the purpose of the patch?
Because I do not think that the patch fixes anything.

If there were some issues with generated kdcinfo files on ipa replicas
then I assume it is a bug in replica promotion which left _srv_ in
ipa_server

https://pagure.io/freeipa/issue/7127
https://github.com/freeipa/freeipa/pull/1005

Because my experience is that after reverting patch
a309525cc47da726461aec1f238165c17aade2a6 sssd generates kdcinfo
just for the local kdc server and sssd_krb5_locator_plugin.so will
use it and does not allow krb5 libs to try srv discovery.

I might be wrong or I could miss something and there might be
something else fishy in ipa*-install.

LS
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
