mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
ipatests: create_active_user improvements
Use get_kdcinfo before and after kinit if krb5_trace in create_active_user. This will help determine how SSSD was selecting which KRB5KDC to use. Fixes: https://pagure.io/freeipa/issue/8510 Signed-off-by: François Cami <fcami@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
This commit is contained in:
parent
884e0d36e9
commit
e0586f33a6
@ -1971,10 +1971,25 @@ def create_active_user(host, login, password, first='test', last='user',
|
|||||||
user_add(host, login, first=first, last=last, extra_args=extra_args,
|
user_add(host, login, first=first, last=last, extra_args=extra_args,
|
||||||
password=temp_password)
|
password=temp_password)
|
||||||
if krb5_trace:
|
if krb5_trace:
|
||||||
host.run_command(
|
# Retrieve kdcinfo.$REALM before changing the user's password.
|
||||||
|
get_kdcinfo(host)
|
||||||
|
# This tends to fail when the KDC the password is
|
||||||
|
# reset on is not the same as the one we immediately
|
||||||
|
# request a TGT from. This should not be the case as SSSD
|
||||||
|
# tries to pin itself to an IPA server.
|
||||||
|
#
|
||||||
|
# Note raiseonerr=False:
|
||||||
|
# the assert is located after kdcinfo retrieval.
|
||||||
|
result = host.run_command(
|
||||||
"KRB5_TRACE=/dev/stdout kinit %s" % login,
|
"KRB5_TRACE=/dev/stdout kinit %s" % login,
|
||||||
stdin_text='{0}\n{1}\n{1}\n'.format(temp_password, password)
|
stdin_text='{0}\n{1}\n{1}\n'.format(
|
||||||
|
temp_password, password, raiseonerr=False
|
||||||
|
)
|
||||||
)
|
)
|
||||||
|
# Retrieve kdc.$REALM after the password change, just in case SSSD
|
||||||
|
# domain status flipped to online during the password change.
|
||||||
|
get_kdcinfo(host)
|
||||||
|
assert result.returncode == 0
|
||||||
else:
|
else:
|
||||||
host.run_command(
|
host.run_command(
|
||||||
['kinit', login],
|
['kinit', login],
|
||||||
|
Loading…
Reference in New Issue
Block a user