KerberosSession.finalize_kerberos_acquisition() uses requests to interact with IPA. The request.get() call performs a HTTP GET over HTTPS but fails to use FreeIPA's private CA file.
KerberosSession.finalize_kerberos_acquisition()
requests
request.get()
From discussion with @cheimes , this part of code doesn't use the same cert store as other places. There it may potentially cause issues e.g. in setup with External CA (CLI or Web UI login).
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1445397
Issue linked to bug 1445397
see how it was fixed in #6686 16dac02
Metadata Update from @pvoborni: - Issue assigned to pvoborni
Metadata Update from @pvoborni: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/734
Metadata Update from @pvoborni: - Issue priority set to: critical - Issue set to the milestone: FreeIPA 4.5.1
master:
ipa-4-5:
Metadata Update from @mbasti: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.