From b12c465ae8b8ffb1e34741daf8c0dea6525e5fcf Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Wed, 22 Mar 2017 10:04:52 +0100
Subject: [PATCH] Split out anonymous PKINIT test to a separate method

This allows for more flexibility in the whole PKINIT setup process.

https://pagure.io/freeipa/issue/6792

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
 ipaserver/install/krbinstance.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index c817076249a224347421b1bf18088eecb8eb345f..5f4b5282f54234c15b1a8d8273eff69e134e665b 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -410,6 +410,7 @@ class KrbInstance(service.Service):
             root_logger.critical("krb5kdc service failed to restart")
             raise
 
+    def test_anonymous_pkinit(self):
         with ipautil.private_ccache() as anon_ccache:
             try:
                 ipautil.run([paths.KINIT, '-n', '-c', anon_ccache])
@@ -421,6 +422,7 @@ class KrbInstance(service.Service):
             self.steps = []
             self.step("installing X509 Certificate for PKINIT",
                       self.setup_pkinit)
+            self.step("testing anonymous PKINIT", self.test_anonymous_pkinit)
 
             self.start_creation()
 
-- 
2.12.2