diff options
author | Simo Sorce <ssorce@redhat.com> | 2011-08-31 14:13:32 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2011-09-21 10:48:34 -0400 |
commit | 3963687cde0552732259afa6fcf1393f56753423 (patch) | |
tree | 8952095f10487f28b471ea609f37398fdc8f63d5 /install/tools/ipa-replica-conncheck | |
parent | c4e070c1fefa3f999a9bff2217efe27745487ee0 (diff) | |
download | freeipa-3963687cde0552732259afa6fcf1393f56753423.tar.gz freeipa-3963687cde0552732259afa6fcf1393f56753423.tar.xz freeipa-3963687cde0552732259afa6fcf1393f56753423.zip |
conncheck: Additional check to verify the admin password is ok
If we can get a ticket for the master then we know we got all right.
This should avoid being prompted again by ssh if the kinit failed and for some
reason the error was not caught (seen in live tests).
Diffstat (limited to 'install/tools/ipa-replica-conncheck')
-rwxr-xr-x | install/tools/ipa-replica-conncheck | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index ac1817e5d..48ff336ff 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -323,6 +323,15 @@ def main(): if returncode != 0: raise RuntimeError("Cannot acquire Kerberos ticket: %s" % stderr) + # Verify kinit was actually successful + stderr='' + (stdout, stderr, returncode) = ipautil.run(['/usr/bin/kvno', + 'host/%s' % options.master], + env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':CCACHE_FILE}, + raiseonerr=False) + if returncode != 0: + raise RuntimeError("Could not get ticket for master server: %s" % stderr) + remote_check_opts = ['--replica %s' % options.hostname] if options.check_ca: remote_check_opts.append('--check-ca') |