From 33bc9e7faca55497e00a3f6c08f4bff7262e290c Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspacek@redhat.com>
Date: Tue, 23 Jun 2015 14:14:33 +0200
Subject: Hide traceback in ipa-dnskeysyncd if kinit failed.

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 daemons/dnssec/ipa-dnskeysyncd | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'daemons')

diff --git a/daemons/dnssec/ipa-dnskeysyncd b/daemons/dnssec/ipa-dnskeysyncd
index 31027cb0c..7213168b4 100755
--- a/daemons/dnssec/ipa-dnskeysyncd
+++ b/daemons/dnssec/ipa-dnskeysyncd
@@ -66,7 +66,12 @@ signal.signal(signal.SIGINT, commenceShutdown)
 PRINCIPAL = str('%s/%s' % (DAEMONNAME, api.env.host))
 log.debug('Kerberos principal: %s', PRINCIPAL)
 ccache_filename = os.path.join(WORKDIR, 'ipa-dnskeysyncd.ccache')
-ipautil.kinit_keytab(PRINCIPAL, KEYTAB_FB, ccache_filename)
+try:
+    ipautil.kinit_keytab(PRINCIPAL, KEYTAB_FB, ccache_filename)
+except Exception as ex:
+    log.critical(ex)
+    # signal failure and let init system to restart the daemon
+    sys.exit(1)
 os.environ['KRB5CCNAME'] = ccache_filename
 
 # LDAP initialization
-- 
cgit