IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-26 16:16:31 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-client-install: invoke nsupdate twice (GSS-TSIG, plain)

Browse Source 
ipa-client-install invokes nsupdate with GSS-TSIG at client
enrollment time. If that fails, no retry is done.
Change that behavior to try again without GSS-TSIG.

Fixes: https://pagure.io/freeipa/issue/8402
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
François Cami 2021-04-09 09:46:11 +01:00 committed by Alexander Bokovoy
parent 72f44b5596
commit 20c7bd5eba
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ipaclient/install/client.py
View File

@ -1370,6 +1370,11 @@ def do_nsupdate(update_txt):
result = True
except CalledProcessError as e:
logger.debug('nsupdate failed: %s', str(e))
try:
ipautil.run([paths.NSUPDATE, UPDATE_FILE])
result = True
except CalledProcessError as e:
logger.debug('Unauthenticated nsupdate failed: %s', str(e))
try:
os.remove(UPDATE_FILE)