Jason Gerard DeRose wrote:
On Wed, 2009-11-25 at 13:45 -0500, Rob Crittenden wrote:
Jason Gerard DeRose wrote:
On Tue, 2009-11-17 at 15:06 -0500, Rob Crittenden wrote:
This enables CRL publishing by dogtag to a place where Apache can get the files.

I have to do a couple of tricks here because dogtag is an optional component. This is why in the installer I first see if the dogtag SELinux policy is installed and if not add it. Similarly the installer will remove it upon uninstall.

The policy itself just lets dogtag write to some Apache-labeled directories. dogtag uses symlinks to mark the latest CRL hence the permissions for links.

rob

can't get this to apply:

Applying: Add SELinux policy for CRL file publishing.
error: patch failed: ipa.spec.in:379
error: ipa.spec.in: patch does not apply
error: patch failed: selinux/Makefile:1
error: selinux/Makefile: patch does not apply
Patch failed at 0001 Add SELinux policy for CRL file publishing.
When you have resolved this problem run "git am --resolved".
If you would prefer to skip this patch, instead run "git am --skip".
To restore the original branch and stop patching run "git am --abort".


Rebased patch attached.


nack.  This seems to be breaking the installer.  This was a clean build
and install:

Failed to populate the realm structure in kerberos Command
'/usr/kerberos/sbin/kdb5_ldap_util -D
uid=kdc,cn=sysaccounts,cn=etc,dc=example,dc=com -w  Xl"t%3j8}VX create
-s -P >grbc"/F+Sh` -r EXAMPLE.COM -subtrees dc=example,dc=com -sscope
sub' returned non-zero exit status 1
  [6/13]: adding default keytypes
root        : CRITICAL Failed to load default-keytypes.ldif: Command
'/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager
-y /tmp/tmpdRo9BD -f /tmp/tmpdls3uk' returned non-zero exit status 32
ipa: CRITICAL: Failed to load default-keytypes.ldif: Command
'/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager
-y /tmp/tmpdRo9BD -f /tmp/tmpdls3uk' returned non-zero exit status 32
  [7/13]: creating a keytab for the directory
Unexpected error - see ipaserver-install.log for details:
 Command '/usr/kerberos/sbin/kadmin.local -q addprinc -randkey
ldap/fedora11.example....@example.com' returned non-zero exit status 1

I attached the log.



Very strange, I can't reproduce this. What release are you on? What version of krb5-server do you have installed?

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
