Found while trying to write a test for https://fedorahosted.org/freeipa/ticket/2331
This seems to be reproducible when this test is run from the testing framework.
Here is the code for my test:
rlPhaseStartTest "Create a valid keyring, then try issuing a command that will fallback to kerberos auth. Verify that the fallback happens"
    kdestroy
    keyctl purge user
    # Purging keys to be certain that the user-find populates the keyring properly.
    rlRun "keyctl clear @s" 0 "Clear local session keyring"
    rlRun "keyctl clear @u" 0 "Clear local user keyring"
    KinitAsUser $u1 $u1pass
    outf="/dev/shm/outfileg.txt"
    ipa -vv user-find $u1 &> $outf # running ipa user-find to populate the keyring.
    ipa user-find admin &> /dev/null
    sleep 5
    rlRun "keyctl list @s | grep ipa_session_cookie | grep $u1" 0 "verify u1's ipa session cookie was created"
    rlRun "grep Authorization:\ negotiate $outf" 0 "This first user-find should complete a full kerberos auth."
    outf="/dev/shm/outfileh.txt"
    sleep 5
    ipa -vv user-find $u1 &>/dev/shm/1
    ipa -vv user-find $u1 &>/dev/shm/2
    ipa -vv user-find $u1 &>/dev/shm/3
    sleep 30
    ipa -vv user-find $u1 &>/dev/shm/4
    sleep 30
    ipa -vv user-find $u1 &>/dev/shm/5
    ipa -vv user-find $u1 &> $outf # This command should work off of the current session.
    rlRun "grep Authorization:\ negotiate $outf" 1 "Re-verify that a normal user-find does not do a full kerberos auth"
    outf="/dev/shm/outfilei.txt"
    ipa -vv --delegate user-find &> $outf # this command should force a full kerberos auth
    rlRun "grep Authorization:\ negotiate $outf" 0 "ipa delegate should force a full kerberos auth. Verify that it happened."
rlPhaseEnd

The strange part is where I seem to need to run ipa user-find multiple times with the sleeps in there.
I'll attach the "1", "2", and "5" files to show you what is going on here.
For some reason the first 4 user finds do not seem to pick up the ipa session. They all seem to attempt populating the local keyring with lines like this:

    ipa: DEBUG: args=keyctl padd user ipa_session_cookie:crtu1@TESTRELM.COM @s
    ipa: DEBUG: stdout=376780013

And then the 5th attempt works.
The really frustrating part is that I have been trying for 2 hours to manually reproduce this from the cli, but I have been unable.
See the test output here:
https://beaker.engineering.redhat.com/jobs/297619
I can't seem to find the referenced output in the beaker log. Can you attach them to this ticket?
I've been unable to reproduce this so far but I found that sessions aren't working in RHEL due to differing versions of xmlrpclib.py
Closed as duplicate of #3022
Metadata Update from @mgregg: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.0.1 (bug fixing)