On Thu, 2011-06-16 at 09:07 -0400, Rob Crittenden wrote:
> > I think this is still not right. When you let match_local default to
> > False, --ip-address option in ipa-server-install is checked with
> > match_local=False and thus the check required by BZ isn't made.
> Yes but it is checked again later. Try it, enforcement happens.


> > Please check my patch 083 I sent this morning. It makes sure that IP
> > address validation with CheckedIPAddress is run with correct parameters
> > (i.e. match_local, parse_netmask). You may want to build your patch on
> > top of this one.
> >
> > Should we be so strict and raise an exception when the IP address does
> > not match any local interface? Maybe a warning would be enough.
> > ipa-server-install will fail anyway few steps later in a scenario
> > described in BZ.
> We should fail as soon as possible. By doing this before installation 
> starts they don't have to uninstall.
> rob

In fact, if we apply your patch on top of my patch 083 it works just
fine and --ip-address is checked against network interfaces in option
parsing phase.

So ACK from me if it is applied on top of my patch 083 (not reviewed


Freeipa-devel mailing list

Reply via email to