As an administrator I don't want to have to manually obtain a TGT in order to execute ipa-certupdate when the CA chain is updated. This will allow for easier automation.
# rm -rf ~/.cache/ipa/s*
# ipa-certupdate
did not receive Kerberos credentials The ipa-certupdate command failed.
This happens if there is no schema downloaded from the IPA server in the user's cache. The api.finalize() happens before the kinit_keytab() call.
api.finalize()
kinit_keytab()
A better solution may be to drop the kinit_keytab() call and add this before api.finalize():
os.environ['KRB5_CLIENT_KTNAME'] = '/etc/krb5.keytab'
+1
Metadata Update from @pcech: - Issue priority set to: important (was: normal)
Metadata Update from @rcritten: - Issue assigned to rcritten
https://github.com/freeipa/freeipa/pull/5246
master:
ipa-4-9:
ipa-4-8:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.