client: synchronize ignored return codes with ipa-rmkeytab

Refactoring ipa-rmkeytab with commit f3f9672d52 led to new error code 7 when MIT Kerberos fails to iterate through the keys. It appears now in places where in past error code 3 was returned. Related: https://pagure.io/freeipa/issue/8658 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-01-26 16:16:31 -06:00 · 2021-02-03 09:32:55 +02:00 · 2021-02-03 09:32:55 +02:00 · 3231c6fc79
commit 3231c6fc79
parent caeed7e2d1
1 changed files with 3 additions and 1 deletions
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@ -2077,9 +2077,11 @@ def purge_host_keytab(realm):
            '-k', paths.KRB5_KEYTAB, '-r', realm
        ])
    except CalledProcessError as e:
-        if e.returncode not in (3, 5):
+        if e.returncode not in (3, 5, 7):
            # 3 - Unable to open keytab
            # 5 - Principal name or realm not found in keytab
+            # 7 - Failed to set cursor, typically when errcode
+            #     would be issued in past
            logger.error(
                "Error trying to clean keytab: "
                "/usr/sbin/ipa-rmkeytab returned %s", e.returncode)