On Tue, Feb 08, 2011 at 10:12:27AM -0500, Rob Crittenden wrote: > If /etc/krb5.conf doesn't exist or contains no default kerberos > realm then 389-ds won't start at all. This is a problem during > installation because we configure 389 first. > > This patch will let the server come up, you just won't be able to do > any joins or password changes until you configure kerberos. > > ticket 606 > > rob
I wasn't able to install with this patch when I had no /etc/krb5.conf at all. Here's what the DS error log said: --- 10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file ipa_enrollment.c, line 389]: Failed to get default realm?! [10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin ipa_enrollment_extop [10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file ipa_enrollment.c, line 389]: Failed to get default realm?! [10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin ipa_enrollment_extop [10/Feb/2011:07:30:36 -0500] ipaenrollment_start - [file ipa_enrollment.c, line 389]: Failed to get default realm?! [10/Feb/2011:07:30:36 -0500] - Failed to start extendedop plugin ipa_enrollment_extop --- Looking at ipaenrollment_start(), it looks like the culprit is that when krb5_get_default_realm() fails, ret is set to an error code and returned. It should be either reset to LDAP_SUCCESS or maybe rc should be used instead. Also one nitpick. This: -static char *realm; -static const char *ipa_realm_dn; +static char *realm = NULL; +static const char *ipa_realm_dn = NULL; Is not neccessary, global variables are initialized to NULL automatically. _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
