On Fri, Sep 25, 2015 at 10:09:55AM +0300, Alexander Bokovoy wrote:
> >
> >Well, we have separate daemon listening on the
> >/var/run/krb5kdc/DEFAULT.socket in the container which should start
> >the [email protected] when there's a connection made to it. But
> >somehow it does not seem to be happening even if I fix the parsing of
> >/etc/ipa/default.conf that [email protected] is doing.
> As I wrote earlier, ipa-otpd relies on socket activation feature of
> systemd -- systemd opens this socket and listens for incoming
> connections. Any incoming connection causes to start ipa-otpd daemon and
> connects its stdin/stdout to the socket's client.

And in the container there is no systemd so I emulate it there by
just running a separate daemon listening on that socket which will
fork that ipa-otpd daemon.

> >What is the simplest way to trigger the connection to
> >/var/run/krb5kdc/DEFAULT.socket, for debugging purposes?
> Use socat. Something like
> socat UNIX-LISTEN:/var/run/krb5kdc/DEFAULT.socket,unlink-early,fork EXEC:/usr/libexec/ipa-otpd

I meant, how do I cause the IPA stack (KDC?) to make the connection
and communication with the ipa-otpd daemon?

Also, does the Sync OTP Token operation invoke the ipa-otpd daemon
path (so if Duncan managed to sync the token, it worked for him at
least once) in any way or does it bypass it?

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
