[Freeipa-devel] [PATCH] 810 fix re-enrolling a host with a OTP

Martin Kosek mkosek at redhat.com
Tue Jul 19 14:10:29 UTC 2011


On Fri, 2011-07-01 at 11:40 -0400, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > Rob Crittenden wrote:
> >> Don't set krbLastPwdChange when setting a host OTP password.
> >>
> >> We have no visibility into whether an entry has a keytab or not so
> >> krbLastPwdChange is used as a rough guide.
> >>
> >> If this value exists during enrollment then it fails because the host is
> >> considered already joined. This was getting set when an OTP was added to
> >> a host that had already been enrolled (e.g. you enroll a host, unenroll
> >> it, set an OTP, then try to re-enroll). The second enrollment was failing
> >> because the enrollment plugin thought it was still enrolled because
> >> krbLastPwdChange was set.
> >>
> >> https://fedorahosted.org/freeipa/ticket/1357
> >>
> >> rob
> >
> > self-nack, found a corner case.
> 
> Updated patch.
> 
> rob

ACK. Works as advertised, no problem found.

Martin



