diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-17 17:11:34 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-23 23:08:50 +0200 |
commit | 42bd89dbe77846b6ee60365bba50da521745bca1 (patch) | |
tree | e227ad3ebdf6d958e9a3878fbcff3d521637aee3 /scripts | |
parent | bc58e1cfee742178f95922d964349d6c262f6df7 (diff) | |
download | sssd-42bd89dbe77846b6ee60365bba50da521745bca1.tar.gz sssd-42bd89dbe77846b6ee60365bba50da521745bca1.tar.xz sssd-42bd89dbe77846b6ee60365bba50da521745bca1.zip |
IPA: Retry fetching keytab if IPA user lookup fails
Required for:
https://fedorahosted.org/sssd/ticket/2639
Instead of calling ipa_get_ad_acct_send directly, call a new request
ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and
either tries to request a new keytab every time the lookup fails but the
domain is online.
be_mark_dom_offline() is called when the retry fails with the new code.
The retry tries to re-setup the trusted domain. With two-way setups, the
request is a no-op. With one-way trust setups, the request re-fetches
new keytab unconditionally.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions