summaryrefslogtreecommitdiffstats
path: root/daemons/dnssec/ipa-dnskeysyncd
diff options
context:
space:
mode:
authorMartin Babinsky <mbabinsk@redhat.com>2015-08-18 18:33:37 +0200
committerMartin Basti <mbasti@redhat.com>2015-08-18 21:11:58 +0200
commit3506938a75cd189d137332f1f71ac469a9d6036e (patch)
treec9824d1a807e6bd797fc9f1d62fce4b93bdb01e9 /daemons/dnssec/ipa-dnskeysyncd
parent27988f1b836874d6b1df0659bc95390636caeb78 (diff)
downloadfreeipa-3506938a75cd189d137332f1f71ac469a9d6036e.tar.gz
freeipa-3506938a75cd189d137332f1f71ac469a9d6036e.tar.xz
freeipa-3506938a75cd189d137332f1f71ac469a9d6036e.zip
improve the handling of krb5-related errors in dnssec daemons
ipa-dnskeysync* and ipa-ods-exporter handle kerberos errors more gracefully instead of crashing with tracebacks. https://fedorahosted.org/freeipa/ticket/5229 Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'daemons/dnssec/ipa-dnskeysyncd')
-rwxr-xr-xdaemons/dnssec/ipa-dnskeysyncd4
1 files changed, 2 insertions, 2 deletions
diff --git a/daemons/dnssec/ipa-dnskeysyncd b/daemons/dnssec/ipa-dnskeysyncd
index 93e1cd518..fa54806f9 100755
--- a/daemons/dnssec/ipa-dnskeysyncd
+++ b/daemons/dnssec/ipa-dnskeysyncd
@@ -66,9 +66,9 @@ PRINCIPAL = str('%s/%s' % (DAEMONNAME, api.env.host))
log.debug('Kerberos principal: %s', PRINCIPAL)
ccache_filename = os.path.join(WORKDIR, 'ipa-dnskeysyncd.ccache')
try:
- ipautil.kinit_keytab(PRINCIPAL, KEYTAB_FB, ccache_filename)
+ ipautil.kinit_keytab(PRINCIPAL, KEYTAB_FB, ccache_filename, attempts=5)
except Exception as ex:
- log.critical(ex)
+ log.critical("Kerberos authentication failed: %s", ex)
# signal failure and let init system to restart the daemon
sys.exit(1)
os.environ['KRB5CCNAME'] = ccache_filename
generated by cgit (git 2.34.1) at 2026-01-07 05:12:33 +0000