diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2017-03-15 14:03:19 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-03-15 16:39:39 +0100 |
commit | b45629fc480e61464b402ac2fc52c6f9fc61df0e (patch) | |
tree | 8f2cd285f1795bf77627baf2b7ac82eb4742a298 /ipaserver/plugins/cert.py | |
parent | 8f4abf7bc1607fc44f528b8a443b69cb82269e69 (diff) | |
download | freeipa-b45629fc480e61464b402ac2fc52c6f9fc61df0e.tar.gz freeipa-b45629fc480e61464b402ac2fc52c6f9fc61df0e.tar.xz freeipa-b45629fc480e61464b402ac2fc52c6f9fc61df0e.zip |
check for replica's KDC entry on master before requesting PKINIT cert
This prevents replication-based race conditions to break PKINIT
certificate requests on replica installation.
https://pagure.io/freeipa/issue/6739
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver/plugins/cert.py')
-rw-r--r-- | ipaserver/plugins/cert.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 47c10f343..9f9010760 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -229,9 +229,9 @@ def ca_kdc_check(api_instance, hostname): raise errors.NotFound() except errors.NotFound: - raise errors.ACIError(info=_( - "Host '%(hostname)s' is not an active KDC") - % dict(hostname=hostname)) + raise errors.ACIError( + info=_("Host '%(hostname)s' is not an active KDC") + % dict(hostname=hostname)) def validate_certificate(value): |