[Freeipa-devel] [PATCH] 810 fix re-enrolling a host with a OTP

Rob Crittenden rcritten at redhat.com
Thu Jun 30 20:48:52 UTC 2011


Rob Crittenden wrote:
> Don't set krbLastPwdChange when setting a host OTP password.
>
> We have no visibility into whether an entry has a keytab or not so
> krbLastPwdChange is used as a rough guide.
>
> If this value exists during enrollment then it fails because the host is
> considered already joined. This was getting set when an OTP was added to
> a host that had already been enrolled (e.g. you enroll a host, unenroll
> it, set an OTP, then try to re-enroll). The second enrollment was failing
> because the enrollment plugin thought it was still enrolled because
> krbLastPwdChange was set.
>
> https://fedorahosted.org/freeipa/ticket/1357
>
> rob

self-nack, found a corner case.

rob



