IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Delete empty keytab during client installation

Browse Source 
Client installation fails if '/etc/krb5.keytab' exists as a zero-length
file. Deleting empty keytab before proceeding with the installation
fixes the problem.

https://pagure.io/freeipa/issue/7625

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
Armando Neto
2018-08-30 17:17:02 -03:00
committed by Christian Heimes
parent 1d3c308bf1
commit cf1301fb06
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ipaclient/install/client.py
View File

@@ -2126,6 +2126,16 @@ def install_check(options):
logger.warning("Option 'force-join' has no additional effect " logger.warning("Option 'force-join' has no additional effect "
"when used with together with option 'keytab'.") "when used with together with option 'keytab'.")
# Remove invalid keytab file
try:
gssapi.Credentials(
store={'keytab': paths.KRB5_KEYTAB},
usage='accept',
)
except gssapi.exceptions.GSSError:
logger.debug("Deleting invalid keytab: '%s'.", paths.KRB5_KEYTAB)
remove_file(paths.KRB5_KEYTAB)
# Check if old certificate exist and show warning # Check if old certificate exist and show warning
if ( if (
not options.ca_cert_file and not options.ca_cert_file and