3 files changed, 16 insertions, 9 deletions

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index d8ce5c930..cf002d316 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -490,6 +490,7 @@ def main():
     options = parse_options()
     logging_setup(options)
     dnsok = True
+    env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}
 
     global fstore
     fstore = sysrestore.FileStore('/var/lib/ipa-client/sysrestore')
@@ -605,7 +606,7 @@ def main():
             if configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, krb_name):
                 print "Test kerberos configuration failed"
                 return 1
-            os.environ['KRB5_CONFIG'] = krb_name
+            env['KRB5_CONFIG'] = krb_name
             join_args = ["/usr/sbin/ipa-join", "-s", cli_server]
             if options.debug:
                 join_args.append("-d")
@@ -627,7 +628,7 @@ def main():
                         else:
                             stdin = sys.stdin.readline()
 
-                (stderr, stdout, returncode) = run(["/usr/kerberos/bin/kinit", principal], raiseonerr=False, stdin=stdin)
+                (stderr, stdout, returncode) = run(["kinit", principal], raiseonerr=False, stdin=stdin, env=env)
                 print ""
                 if returncode != 0:
                     print stdout
@@ -644,7 +645,7 @@ def main():
                 join_args.append(password)
 
             # Now join the domain
-            (stdout, stderr, returncode) = run(join_args, raiseonerr=False)
+            (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env)
 
             if returncode != 0:
                 print "Joining realm failed: %s" % stderr,
@@ -660,8 +661,7 @@ def main():
 
         finally:
             if options.principal is not None:
-                (stderr, stdout, returncode) = run(["/usr/kerberos/bin/kdestroy"], raiseonerr=False)
-            del os.environ['KRB5_CONFIG']
+                (stderr, stdout, returncode) = run(["kdestroy"], raiseonerr=False, env=env)
             os.remove(krb_name)
             os.remove(krb_name + ".ipabkp")
 
diff --git a/ipalib/util.py b/ipalib/util.py
index 4aff88f83..6bd1da541 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -25,7 +25,6 @@ import os
 import imp
 import logging
 import time
-import krbV
 import socket
 from types import NoneType
 
@@ -49,7 +48,11 @@ def json_serialize(obj):
 
 def get_current_principal():
     try:
+        # krbV isn't necessarily available on client machines, fail gracefully
+        import krbV
         return unicode(krbV.default_context().default_ccache().principal().name)
+    except ImportError:
+        raise RuntimeError('python-krbV is not available.')
     except krbV.Krb5Error:
         #TODO: do a kinit?
         raise errors.CCacheError()
diff --git a/ipapython/config.py b/ipapython/config.py
index f3532c479..12d916cff 100644
--- a/ipapython/config.py
+++ b/ipapython/config.py
@@ -20,7 +20,6 @@
 import ConfigParser
 from optparse import OptionParser, IndentedHelpFormatter
 
-import krbV
 import socket
 import ipapython.dnsclient
 import re
@@ -113,8 +112,13 @@ def __discover_config(discover_server = True):
     rl = 0
     try:
         if not config.default_realm:
-            krbctx = krbV.default_context()
-            config.default_realm = krbctx.default_realm
+            try:
+                # only import krbV when we need it
+                import krbV
+                krbctx = krbV.default_context()
+                config.default_realm = krbctx.default_realm
+            except ImportError:
+                pass
             if not config.default_realm:
                 return False