[Freeipa-devel] [PATCH] 810 fix re-enrolling a host with a OTP
Rob Crittenden
rcritten at redhat.com
Tue Jun 28 17:13:03 UTC 2011
Don't set krbLastPwdChange when setting a host OTP password.
We have no visibility into whether an entry has a keytab or not so
krbLastPwdChange is used as a rough guide.
If this value exists during enrollment then it fails because the host is
considered already joined. This was getting set when a OTP was added to
a host that had already been enrolled (e.g. you enroll a host, unenroll
it, set a OTP, then try to re-enroll). The second enrollment was failing
because the enrollment plugin thought it was still enrolled because
krbLastPwdChange was set.
https://fedorahosted.org/freeipa/ticket/1357
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-810-enroll.patch
Type: text/x-diff
Size: 5329 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110628/983066e8/attachment.bin>