[Freeipa-devel] [PATCH] Try to reacquire keytab file if host already joined

Lars Sjöström lars at radicore.se
Tue Mar 20 22:16:02 UTC 2012


> Lars Sjöström wrote:
>>
>> Hi,
>>
>> Understood! Would it be ok to add an optional flag then?
>> like --reacquire ?
>>
>> like so:
>> # run only if force and reacquire is set
>> if options.force and options.reacquire:
>>   # try to fetch keytab...
>>
>> Cheers,
>> Lars
>
>
> That sounds reasonable. In what case would you want to re-enroll a host
> without disabling it first?

One use case is where you, for instance, reinstall your OS a lot (in an
automated fashion); the client will not have any traces left of the
IPA client config, which means the client can't unenroll itself
easily. If you know you're reinstalling a lot, one would put
ipa-client-install with the re-acquire flag set to let the client try
to repair itself.

One could always skip the ipa-client-install command and script
around the ipa* commands, but I would prefer to have it supported by
ipa-client-install.

Would that make any sense? :)

Cheers,
Lars

>
> rob
>
>
>>
>> On 20 March 2012 13:44, Simo Sorce <simo at redhat.com> wrote:
>>>
>>> On Tue, 2012-03-20 at 13:00 +0100, Lars Sjöström wrote:
>>>>
>>>> Hello fellow devs,
>>>>
>>>> I have a proposed patch for ticket #2106
>>>> (https://fedorahosted.org/freeipa/ticket/2106)
>>>>
>>>> if return code is 13 (Host already joined) of ipa-join command the
>>>> host will try to reacquire the keytab file.
>>>>
>>>> Feedback appreciated!
>>>
>>>
>>> Hi Lars, at the very least this should be conditional and be allowed
>>> only when an override flag is passed. The reason we punt here is that
>>> you may be trying to join a machine with the same name as an already
>>> joined and working machine by mistake.
>>> We do not want to void that other machine's credentials unless the admin
>>> wants to force it.
>>>
>>> Simo.
>>>
>>> --
>>> Simo Sorce * Red Hat, Inc * New York
>>>
>>
>>
>>
>



-- 
Lars Sjöström
Senior Consultant / Owner
Radicore AB

Mobile: +46 (0)703 021502
Email: lars at radicore.se
Web: http://www.radicore.se



