[Freeipa-devel] [freeipa PR#1754][opened] Add commentary about PKI admin password

Wed, 28 Mar 2018 03:39:07 -0700 

   URL: https://github.com/freeipa/freeipa/pull/1754
Author: frasertweedale
 Title: #1754: Add commentary about PKI admin password
Action: opened

PR body:
"""
Add a note in cainstance.configure_instance that "admin_password" is
the password to be used for the PKI admin account, NOT the IPA admin
password.  In fact, it is set to the Directory Manager password.

This comment would have saved me some time during recent
investigation of a replica installation issue.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1754/head:pr1754
git checkout pr1754

From 31007679422d8cbec54efa1d6bc1f8c7f6c9649a Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Wed, 28 Mar 2018 18:02:08 +1100
Subject: [PATCH] Add commentary about PKI admin password

Add a note in cainstance.configure_instance that "admin_password" is
the password to be used for the PKI admin account, NOT the IPA admin
password.  In fact, it is set to the Directory Manager password.

This comment would have saved me some time during recent
investigation of a replica installation issue.
---
 ipaserver/install/cainstance.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 75a37afca5..cc86e18fc4 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -345,7 +345,14 @@ def configure_instance(self, host_name, dm_password, admin_password,
         self.dm_password = dm_password
         self.admin_user = "admin"
         self.admin_groups = ADMIN_GROUPS
+
+        # NOTE: "admin_password" refers to the password for PKI
+        # "admin" account.  This is not necessarily the same as
+        # the IPA admin password.  Indeed, ca.configure_instance
+        # gets called with admin_password=dm_password.
+        #
         self.admin_password = admin_password
+
         self.pkcs12_info = pkcs12_info
         if self.pkcs12_info is not None:
             self.clone = True

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to