[Freeipa-devel] [PATCH] Try to reacquire keytab file if host already joined

Rob Crittenden rcritten at redhat.com
Tue Mar 20 19:42:48 UTC 2012


Lars Sjöström wrote:
> Hi,
>
> Understood! Would it be ok to add an optional flag then?
> like --reacquire ?
>
> like so:
> # run only if force and reacquire are set
> if options.force and options.reacquire:
>    # try to fetch keytab...
>
> Cheers,
> Lars

That sounds reasonable. In what case would you want to re-enroll a host 
without disabling it first?

rob

>
> On 20 March 2012 at 13:44, Simo Sorce <simo at redhat.com> wrote:
>> On Tue, 2012-03-20 at 13:00 +0100, Lars Sjöström wrote:
>>> Hello fellow devs,
>>>
>>> I have a proposed patch for ticket #2106
>>> (https://fedorahosted.org/freeipa/ticket/2106)
>>>
>>> If the return code of the ipa-join command is 13 (Host already joined), the
>>> host will try to reacquire the keytab file.
>>>
>>> Feedback appreciated!
>>
>> Hi Lars, at the very least this should be conditional and be allowed
>> only when an override flag is passed. The reason we punt here is that
>> you may be trying to join a machine with the same name as an already
>> joined and working machine by mistake.
>> We do not want to void that other machine's credentials unless the admin
>> wants to force it.
>>
>> Simo.
>>
>> --
>> Simo Sorce * Red Hat, Inc * New York
>>
>
>
>



