internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-07 13:53:23 +00:00
Code Issues Projects Releases Wiki Activity

roles/ipaclient/tasks/install.yml: Purge realm from keytab after otp generation

Browse Source 
If a otp has bene generated it is needed to purge the realm from an exising
host keytab. If there is no host keytab or if the keytab is not containing
information about the realm, ipa-rmkeytab will fail and these two errors are
ignored.
This commit is contained in:
Thomas Woerner
2017-09-15 15:08:22 +02:00
parent 7eb98eaaef
commit 4b2b6751b2
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
roles/ipaclient/tasks/install.yml
View File

@@ -47,6 +47,14 @@
set_fact:
ipaclient_password: "{{ ipahost_output.host.randompassword if ipahost_output.host is defined }}"
- name: Install - Purge {{ ipadiscovery.realm }} from existing host keytab
command: /usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r "{{ ipadiscovery.realm }}"
register: iparmkeytab
# Do not fail on error codes 3 and 5:
# 3 - Unable to open keytab
# 5 - Principal name or realm not found in keytab
failed_when: iparmkeytab.rc != 0 and iparmkeytab.rc != 3 and iparmkeytab.rc != 5
when: ipaclient_use_otp | bool
- name: Install - Check if principal and keytab are set