path: root/ipaserver
diff options
authorRob Crittenden <>2011-05-17 15:09:39 -0400
committerMartin Kosek <>2011-05-18 09:35:04 +0200
commit4027b12371051c2e9f53b1b6cd2c4e4fbc333731 (patch)
treeb0ad75c5c107e73e9be5bf7547cf93348d793a43 /ipaserver
parent95b4040f6b4f43b864dce86648f09a1402889af9 (diff)
Test for forwarded Kerberos credentials cache in wsgi code.
We should more gracefully handle if the TGT has not been forwarded than returning a 500 error. Also catch and display KerberosErrors from ping() in the client better. ticket 1101
Diffstat (limited to 'ipaserver')
1 files changed, 3 insertions, 1 deletions
diff --git a/ipaserver/ b/ipaserver/
index 9c08bb8..718b761 100644
--- a/ipaserver/
+++ b/ipaserver/
@@ -27,7 +27,7 @@ from cgi import parse_qs
from xml.sax.saxutils import escape
from xmlrpclib import Fault
from ipalib.backend import Executioner
-from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError
+from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError, CCacheError
from ipalib.request import context, Connection, destroy_context
from ipalib.rpc import xml_dumps, xml_loads
from ipalib.util import make_repr
@@ -195,6 +195,8 @@ class WSGIExecutioner(Executioner):
error = None
_id = None
lang = os.environ['LANG']
+ if not 'KRB5CCNAME' in environ:
+ return self.marshal(result, CCacheError(), _id)
if ('HTTP_ACCEPT_LANGUAGE' in environ):
lang_reg_w_q = environ['HTTP_ACCEPT_LANGUAGE'].split(',')[0]