library/ipajoin.py: Fail for already joined hosts if krb5.keytab is missing

It is not possible to restore a missing krb5.keytab using the admin credential. Therefore the only way is to fail in this case.
2026-05-07 13:53:23 +00:00 · 2017-09-21 12:16:02 +02:00
parent 375500df37
commit 860794232e
1 changed files with 4 additions and 0 deletions
--- a/library/ipajoin.py
+++ b/library/ipajoin.py
@@ -332,6 +332,10 @@ def main():
            changed = True
            module.log("Enrolled in IPA realm %s" % realm)

+        # Fix missing krb5.keytab file for already joined host
+        if already_joined and not os.path.exists(paths.KRB5_KEYTAB):
+            module.fail_json(msg="krb5.keytab missing! Retry with ipaclient_force_join=yes to generate a new one.")
+
        start = stderr.find('Certificate subject base is: ')
        if start >= 0:
            start = start + 29