freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0

ipaserver: Fix deployment after Bronze-bit fix #1206

Closed rjeffman closed 8 months ago

rjeffman commented 8 months ago

As FreeIPA now requires MS-PAC to be set in ipaKrbAuthzData to trigger PAC generation, there's a timing issue that causes API malfunction which is long enough to cause the client part installation to fail.

By restarting KDC after DS password is set, we force cached values to be refreshed, allowing the API to work correctly.

Fixes #1200

varunmylaraiah commented 8 months ago

Unfortunately, this patch is failing on the 9.4 replica, specifically on the test case named "rsn_enabled_on_master_and_replica."

Sorry, I tested with the wrong metadata. Everything is working as expected in 9.4 as well.