1c0c74d Fix ipa-replica-conncheck when called with --principal

1 file. Authored by frenaud 6 years ago, committed by tkrizek 6 years ago.
    Fix ipa-replica-conncheck when called with --principal
    
    ipa-replica-conncheck can be called with --principal / --password or
    with an existing Kerberos credential cache in order to supply the
    authorized identity logging in to the master machine (in
    auto-master-check mode).
    
    In domain-level 0, the tool is called with --principal and password
    and tries to obtain a TGT by performing kinit, but does not set the
    env var KRB5CCNAME. Subsequent calls to IPA API do not use the
    credential cache and fail. In this case, ipa-replica-conncheck falls
    back to using SSH to check master connectivity instead of IPA API,
    and the ssh check is less robust.
    
    The code should set the KRB5CCNAME env var for IPA API to use the
    credential cache.
    
    Fixes:
    https://pagure.io/freeipa/issue/7221
    
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
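
The failure mode described in the commit message, as an added Python sketch that is not FreeIPA's code: the credential cache that kinit writes must also be exported as KRB5CCNAME in the calling process, or later GSSAPI-authenticated calls will not find it. The names `run_kinit`, `private_ccache` and `ccache_seen_by_gssapi` are hypothetical, and feeding the password to MIT `kinit` on stdin is an assumption about the environment.

```python
import os
import subprocess
import tempfile
from contextlib import contextmanager


def run_kinit(principal, password, ccache_path):
    """Obtain a TGT with the MIT `kinit` CLI, writing it to ccache_path.

    The password goes over stdin so it never appears in the process list.
    """
    env = dict(os.environ, KRB5CCNAME=ccache_path, LC_ALL="C")
    subprocess.run(["kinit", principal], input=password + "\n", env=env,
                   check=True, text=True, stdout=subprocess.DEVNULL)


@contextmanager
def private_ccache(principal, password, kinit=run_kinit):
    """kinit into a private ccache and export KRB5CCNAME for this process.

    Handing KRB5CCNAME only to the kinit child is not enough: Kerberos
    clients used later in *this* process resolve the cache from os.environ,
    so the variable is set here as well and restored on exit.
    """
    previous = os.environ.get("KRB5CCNAME")
    # mkdtemp-style directory (mode 0700), removed together with the ccache.
    with tempfile.TemporaryDirectory(prefix="conncheck-") as tmpdir:
        ccache = "FILE:" + os.path.join(tmpdir, "ccache")
        kinit(principal, password, ccache)  # raises on failure, env untouched
        os.environ["KRB5CCNAME"] = ccache
        try:
            yield ccache
        finally:
            if previous is None:
                os.environ.pop("KRB5CCNAME", None)
            else:
                os.environ["KRB5CCNAME"] = previous


def ccache_seen_by_gssapi():
    """Cache name an in-process client would pick up (None = library default)."""
    return os.environ.get("KRB5CCNAME")
```

The `kinit` parameter exists so the behaviour can be exercised without a KDC by passing a stub.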