URL: https://github.com/freeipa/freeipa/pull/3216 Author: frasertweedale Title: #3216: fix LWCA key retrieval on f30 Action: opened
PR body: """ This PR includes fixes for LWCA key retrieval on f30 and fixes for handling of missing LWCA keys in the ca_find and ca_show commands.
Is is based upon https://github.com/freeipa/freeipa/pull/3210 which updates PR-CI to f30. (This PR revealed the issue on f30; the tests are not passing hence it has been merged yet.)
``` f029a6e3b (Fraser Tweedale, 7 hours ago) ipa-pki-retrieve-key: set KRB5CCNAME
On Fedora 30, for some reason LDAP GSS-API bind now fails in the ipa-pki-retrieve-key program. The Dogtag keytab credential acquisition does succeed, but those credentials are not used for the LDAP bind.
Update CustodiaClient to support setting KRB5CCNAME when it creates credentials. This behaviour is optional and disabled by default (no behavioural change for other use cases). But enable this behaviour in ipa-pki-retrieve-key so the Dogtag credentials are used for the LDAP bind.
Fixes: https://pagure.io/freeipa/issue/7964
fff5119cd (Fraser Tweedale, 85 minutes ago) Handle missing LWCA certificate or chain
If lightweight CA key replication has not completed, requests for the certificate or chain will return 404**. This can occur in normal operation, and should be a temporary condition. Detect this case and handle it by simply omitting the 'certificate' and/or 'certificate_out' fields in the response, and add a warning message to the response.
Also update the client-side plugin that handles the --certificate-out option. Because the CLI will automatically print the warning message, if the expected field is missing from the response, just ignore it and continue processing.
** after the Dogtag NullPointerException gets fixed!
Part of: https://pagure.io/freeipa/issue/7964
b59c49351 (Armando Neto, 2 days ago) Add Fedora 30 test definitions and bump template version
Signed-off-by: Armando Neto abiagion@redhat.com ``` """
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3216/head:pr3216 git checkout pr3216
URL: https://github.com/freeipa/freeipa/pull/3216 Author: frasertweedale Title: #3216: fix LWCA key retrieval on f30 Action: closed
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3216/head:pr3216 git checkout pr3216
freeipa-devel@lists.fedorahosted.org