diff options
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 10 | ||||
-rw-r--r-- | ipalib/util.py | 5 | ||||
-rw-r--r-- | ipapython/config.py | 10 |
3 files changed, 16 insertions, 9 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index d8ce5c930..cf002d316 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -490,6 +490,7 @@ def main(): options = parse_options() logging_setup(options) dnsok = True + env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"} global fstore fstore = sysrestore.FileStore('/var/lib/ipa-client/sysrestore') @@ -605,7 +606,7 @@ def main(): if configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, krb_name): print "Test kerberos configuration failed" return 1 - os.environ['KRB5_CONFIG'] = krb_name + env['KRB5_CONFIG'] = krb_name join_args = ["/usr/sbin/ipa-join", "-s", cli_server] if options.debug: join_args.append("-d") @@ -627,7 +628,7 @@ def main(): else: stdin = sys.stdin.readline() - (stderr, stdout, returncode) = run(["/usr/kerberos/bin/kinit", principal], raiseonerr=False, stdin=stdin) + (stderr, stdout, returncode) = run(["kinit", principal], raiseonerr=False, stdin=stdin, env=env) print "" if returncode != 0: print stdout @@ -644,7 +645,7 @@ def main(): join_args.append(password) # Now join the domain - (stdout, stderr, returncode) = run(join_args, raiseonerr=False) + (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env) if returncode != 0: print "Joining realm failed: %s" % stderr, @@ -660,8 +661,7 @@ def main(): finally: if options.principal is not None: - (stderr, stdout, returncode) = run(["/usr/kerberos/bin/kdestroy"], raiseonerr=False) - del os.environ['KRB5_CONFIG'] + (stderr, stdout, returncode) = run(["kdestroy"], raiseonerr=False, env=env) os.remove(krb_name) os.remove(krb_name + ".ipabkp") diff --git a/ipalib/util.py b/ipalib/util.py index 4aff88f83..6bd1da541 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -25,7 +25,6 @@ import os import imp import logging import time -import krbV import socket from types import NoneType @@ -49,7 +48,11 @@ def json_serialize(obj): def get_current_principal(): try: + # krbV isn't necessarily available on client machines, fail gracefully + import krbV return unicode(krbV.default_context().default_ccache().principal().name) + except ImportError: + raise RuntimeError('python-krbV is not available.') except krbV.Krb5Error: #TODO: do a kinit? raise errors.CCacheError() diff --git a/ipapython/config.py b/ipapython/config.py index f3532c479..12d916cff 100644 --- a/ipapython/config.py +++ b/ipapython/config.py @@ -20,7 +20,6 @@ import ConfigParser from optparse import OptionParser, IndentedHelpFormatter -import krbV import socket import ipapython.dnsclient import re @@ -113,8 +112,13 @@ def __discover_config(discover_server = True): rl = 0 try: if not config.default_realm: - krbctx = krbV.default_context() - config.default_realm = krbctx.default_realm + try: + # only import krbV when we need it + import krbV + krbctx = krbV.default_context() + config.default_realm = krbctx.default_realm + except ImportError: + pass if not config.default_realm: return False |