kadmin-remctl 3.3 (unreleased)
+ In the Heimdal version of kadmin-backend, retry the kadmin connection
+ once if the first connection fails. This is a workaround for a
+ transient networking error that we're seeing at Stanford and therefore
+ may not be fully appropriate for other sites. Even on a successful
+ reconnect, this will cause some errors to be sent to standard error
+ due to the behavior of Heimdal::Kadm5.
+
When prompting for a username in passwd_change, strip any surrounding
whitespace from that username before proceeding.
# Written by Russ Allbery <rra@stanford.edu>
# Heimdal port written by Jon Robertson <jonrober@stanford.edu>
# Based heavily on work by Roland Schemers
-# Copyright 2003, 2007, 2008, 2009, 2010, 2011
+# Copyright 2003, 2007, 2008, 2009, 2010, 2011, 2013
# The Board of Trustees of the Leland Stanford Junior University
#
# Permission to use, copy, modify, and distribute this software and its
my ($instance) = @_;
return $CONFIG{$instance}{handle} if exists $CONFIG{$instance}{handle};
- my $kadmin = Heimdal::Kadm5::Client->new(
- Principal => $CONFIG{$instance}{k5_admin},
- Keytab => $CONFIG{$instance}{k5_keytab},
- RaiseErrors => 1,
- );
+ # If the connection fails, retry once.
+ my $kadmin;
+ my $first = 1;
+ CONNECT:
+ {
+ local $SIG{__WARN__} = sub {};
+ $kadmin = eval {
+ Heimdal::Kadm5::Client->new(
+ Principal => $CONFIG{$instance}{k5_admin},
+ Keytab => $CONFIG{$instance}{k5_keytab},
+ RaiseErrors => 1,
+ );
+ };
+ if ($first && ($@ || !$kadmin)) {
+ $first = 0;
+ redo CONNECT;
+ }
+ if ($@ || !$kadmin) {
+ die;
+ }
+ }
$CONFIG{$instance}{handle} = $kadmin;
return $kadmin;
}