SSSD / sssd

Clone

42bd89d IPA: Retry fetching keytab if IPA user lookup fails

Authored and Committed by jhrozek 8 years ago
raw patch tree parent
2 files changed. 185 lines added. 14 lines removed.
src/providers/ipa/ipa_id.h
file modified
+0 -9
src/providers/ipa/ipa_subdomains_id.c
file modified
+185 -5 
    IPA: Retry fetching keytab if IPA user lookup fails
    
    Required for:
        https://fedorahosted.org/sssd/ticket/2639
    
    Instead of calling ipa_get_ad_acct_send directly, call a new request
    ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and
    either tries to request a new keytab every time the lookup fails but the
    domain is online.
    
    be_mark_dom_offline() is called when the retry fails with the new code.
    
    The retry tries to re-setup the trusted domain. With two-way setups, the
    request is a no-op. With one-way trust setups, the request re-fetches
    new keytab unconditionally.
    
    Reviewed-by: Sumit Bose <sbose@redhat.com>
file modified
+0 -9
file modified
+185 -5
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.