Jakub Hrozek wrote:
On Tue, Feb 08, 2011 at 10:12:27AM -0500, Rob Crittenden wrote:
If /etc/krb5.conf doesn't exist or contains no default kerberos
realm then 389-ds won't start at all. This is a problem during
installation because we configure 389 first.

This patch will let the server come up, you just won't be able to do
any joins or password changes until you configure kerberos.

ticket 606

rob


I wasn't able to install with this patch when I had no /etc/krb5.conf at
all.

Here's what the DS error log said:
---
10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
ipa_enrollment.c, line 389]: Failed to get default realm?!
[10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
ipa_enrollment_extop
[10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
ipa_enrollment.c, line 389]: Failed to get default realm?!
[10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
ipa_enrollment_extop
[10/Feb/2011:07:30:36 -0500] ipaenrollment_start - [file
ipa_enrollment.c, line 389]: Failed to get default realm?!
[10/Feb/2011:07:30:36 -0500] - Failed to start extendedop plugin
ipa_enrollment_extop
---

Looking at ipaenrollment_start(), it looks like the culprit is that when
krb5_get_default_realm() fails, ret is set to an error code and
returned. It should be either reset to LDAP_SUCCESS or maybe rc should
be used instead.

Also one nitpick. This:

-static char *realm;
-static const char *ipa_realm_dn;
+static char *realm = NULL;
+static const char *ipa_realm_dn = NULL;

Is not neccessary, global variables are initialized to NULL
automatically.

Updated patch attached. I was able to do full install with this one.

rob

Attachment: freeipa-rcrit-703-2-startup.patch
Description: application/mbox

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to