Remove some additional instances of krbV from ipa-client

Make two krbV imports conditional. These aren't used during a client
install so should cause no problems.

Also fix the client installer to use the new env option in ipautil.run.
We weren't getting the krb5 configuration set in the environment because
we were overriding the environment to set the PATH.

ticket 136

ipa-client/ipa-install/ipa-client-install

@@ -490,6 +490,7 @@ def main():
     options = parse_options()
     logging_setup(options)
     dnsok = True
+    env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}
 
     global fstore
     fstore = sysrestore.FileStore('/var/lib/ipa-client/sysrestore')
@@ -605,7 +606,7 @@ def main():
             if configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, krb_name):
                 print "Test kerberos configuration failed"
                 return 1
-            os.environ['KRB5_CONFIG'] = krb_name
+            env['KRB5_CONFIG'] = krb_name
             join_args = ["/usr/sbin/ipa-join", "-s", cli_server]
             if options.debug:
                 join_args.append("-d")
@@ -627,7 +628,7 @@ def main():
                         else:
                             stdin = sys.stdin.readline()
 
-                (stderr, stdout, returncode) = run(["/usr/kerberos/bin/kinit", principal], raiseonerr=False, stdin=stdin)
+                (stderr, stdout, returncode) = run(["kinit", principal], raiseonerr=False, stdin=stdin, env=env)
                 print ""
                 if returncode != 0:
                     print stdout
@@ -644,7 +645,7 @@ def main():
                 join_args.append(password)
 
             # Now join the domain
-            (stdout, stderr, returncode) = run(join_args, raiseonerr=False)
+            (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env)
 
             if returncode != 0:
                 print "Joining realm failed: %s" % stderr,
@@ -660,8 +661,7 @@ def main():
 
         finally:
             if options.principal is not None:
-                (stderr, stdout, returncode) = run(["/usr/kerberos/bin/kdestroy"], raiseonerr=False)
+                (stderr, stdout, returncode) = run(["kdestroy"], raiseonerr=False, env=env)
-            del os.environ['KRB5_CONFIG']
             os.remove(krb_name)
             os.remove(krb_name + ".ipabkp")
 

ipalib/util.py

@@ -25,7 +25,6 @@ import os
 import imp
 import logging
 import time
-import krbV
 import socket
 from types import NoneType
 
@@ -49,7 +48,11 @@ def json_serialize(obj):
 
 def get_current_principal():
     try:
+        # krbV isn't necessarily available on client machines, fail gracefully
+        import krbV
         return unicode(krbV.default_context().default_ccache().principal().name)
+    except ImportError:
+        raise RuntimeError('python-krbV is not available.')
     except krbV.Krb5Error:
         #TODO: do a kinit?
         raise errors.CCacheError()

ipapython/config.py

@@ -20,7 +20,6 @@
 import ConfigParser
 from optparse import OptionParser, IndentedHelpFormatter
 
-import krbV
 import socket
 import ipapython.dnsclient
 import re
@@ -113,8 +112,13 @@ def __discover_config(discover_server = True):
     rl = 0
     try:
         if not config.default_realm:
-            krbctx = krbV.default_context()
+            try:
-            config.default_realm = krbctx.default_realm
+                # only import krbV when we need it
+                import krbV
+                krbctx = krbV.default_context()
+                config.default_realm = krbctx.default_realm
+            except ImportError:
+                pass
             if not config.default_realm:
                 return False