[Freeipa-devel] [PATCH] 0034 Improve handling of options in ipa-client-install
Jan Pazdziora
jpazdziora at redhat.com
Thu Jun 6 13:45:09 UTC 2013
On Wed, Jun 05, 2013 at 04:14:36PM +0200, Ana Krivokapic wrote:
> Hello,
>
> The attached patch should improve handling of client re-enrollment
> related options of ipa-client-install.
>
> https://fedorahosted.org/freeipa/ticket/3686
[...]
>
> + if options.keytab and options.principal:
> + root_logger.error("Options 'principal' and 'keytab' cannot be used "
> + "together.")
> + return CLIENT_INSTALL_ERROR
> +
I know that this check only explains what happens later in the code
but isn't using custom principal _plus_ a keytab for that principal
a valid combination? Right now, it's either principal + password, or
keytab and from that keytab a specific host/* principal. Can't it be
ptincipal + keytab?
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-devel
mailing list