On Fri, 2015-09-25 at 09:22 +0200, Jan Pazdziora wrote: > On Fri, Sep 25, 2015 at 10:09:55AM +0300, Alexander Bokovoy wrote: > > > > > > Well, we have separate daemon listening on the > > > /var/run/krb5kdc/DEFAULT.socket in the container which should > > > start > > > the [email protected] when there's a connection made to it. But > > > somehow it does not seem to be happening even if I fix the > > > parsing of > > > /etc/ipa/default.conf that [email protected] is doing. > > As I wrote earlier, ipa-otpd relies on socket activation feature of > > systemd -- systemd opens this socket and listens for incoming > > connections. Any incoming connection causes to start ipa-otpd > > daemon and > > connects its stdin/stdout to the socket's client. > > And in the container there is no systemd so I emulate it there by > just > running a separate daemon listening on that socket which will fork > that ipa-otpd daemon.
Is it in the same container? Because ipa-otpd uses ldapi. > > > What is the simplest way to trigger the connection to > > > /var/run/krb5kdc/DEFAULT.socket, for debugging purposes? > > Use socat. Something like > > socat UNIX-LISTEN:/var/run/krb5kdc/DEFAULT.socket,unlink- > > early,fork EXEC:/usr/libexec/ipa-otpd > > I meant, how do I cause the IPA stack (KDC?) to make the connection > and communication with the ipa-otpd daemon? > > Also, does the Sync OTP Token operation invoke the ipa-otpd daemon > path (so if Duncan managed to sync the token, it worked for him at > least once) in any way or does it bypass it? > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
