URL: https://github.com/freeipa/freeipa/pull/1754 Author: frasertweedale Title: #1754: Add commentary about PKI admin password Action: opened
PR body: """ Add a note in cainstance.configure_instance that "admin_password" is the password to be used for the PKI admin account, NOT the IPA admin password. In fact, it is set to the Directory Manager password. This comment would have saved me some time during recent investigation of a replica installation issue. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1754/head:pr1754 git checkout pr1754
From 31007679422d8cbec54efa1d6bc1f8c7f6c9649a Mon Sep 17 00:00:00 2001 From: Fraser Tweedale <ftwee...@redhat.com> Date: Wed, 28 Mar 2018 18:02:08 +1100 Subject: [PATCH] Add commentary about PKI admin password Add a note in cainstance.configure_instance that "admin_password" is the password to be used for the PKI admin account, NOT the IPA admin password. In fact, it is set to the Directory Manager password. This comment would have saved me some time during recent investigation of a replica installation issue. --- ipaserver/install/cainstance.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 75a37afca5..cc86e18fc4 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -345,7 +345,14 @@ def configure_instance(self, host_name, dm_password, admin_password, self.dm_password = dm_password self.admin_user = "admin" self.admin_groups = ADMIN_GROUPS + + # NOTE: "admin_password" refers to the password for PKI + # "admin" account. This is not necessarily the same as + # the IPA admin password. Indeed, ca.configure_instance + # gets called with admin_password=dm_password. + # self.admin_password = admin_password + self.pkcs12_info = pkcs12_info if self.pkcs12_info is not None: self.clone = True
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org