internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-06 21:33:14 +00:00
Code Issues Projects Releases Wiki Activity

Fix otp + force-join usecase

Browse Source 
When the client already has a working keytab, use_otp is disabled. This creates
an issue when ipaclient_force_join is set, because the join module is called
with ipaadmin_principal and ipaadmin_password, but these variables may be
undefined if ipaadmin_keytab is used instead.
We should not disable OTP when force-join is specified.
This commit is contained in:
Florence Blanc-Renaud
2017-10-11 16:48:26 +02:00
parent 63fd53eb77
commit 92d73ae2b8
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/ipaclient/tasks/install.yml
View File

@@ -45,7 +45,7 @@
- name: Install - Disable One-Time Password for client with working krb5.keytab
set_fact:
ipaclient_use_otp: "no"
when: ipaclient_use_otp | bool and ipatest.krb5_keytab_ok
when: ipaclient_use_otp | bool and ipatest.krb5_keytab_ok and not ipaclient_force_join | bool
# The following block is executed when using OTP to enroll IPA client