From d726da3ba20283ffdc1d384dfedf8e6a732dc3d7 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Thu, 7 Jan 2016 16:48:11 +0100
Subject: uninstallation: more robust check for master removal from topology

When uninstalling IPA master in domain level 1 topology, the code that checks
for correct removal from topology will now consider failures to lookup host
entry in local LDAP and to obtain host TGT as a sign that the master entry was
already removed.

https://fedorahosted.org/freeipa/ticket/5584

Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipalib/krb_utils.py | 1 +
 1 file changed, 1 insertion(+)

(limited to 'ipalib/krb_utils.py')

diff --git a/ipalib/krb_utils.py b/ipalib/krb_utils.py
index 0c4340c3f..b33e4b7c8 100644
--- a/ipalib/krb_utils.py
+++ b/ipalib/krb_utils.py
@@ -32,6 +32,7 @@ if six.PY3:
 # Kerberos error codes
 KRB5_CC_NOTFOUND                = 2529639053 # Matching credential not found
 KRB5_FCC_NOFILE                 = 2529639107 # No credentials cache found
+KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN = 2529638918  # client not found in Kerberos db
 KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN = 2529638919 # Server not found in Kerberos database
 KRB5KRB_AP_ERR_TKT_EXPIRED      = 2529638944 # Ticket expired
 KRB5_FCC_PERM                   = 2529639106 # Credentials cache permissions incorrect
-- 
cgit