Alexander Bokovoy wrote:
On Sat, 25 Feb 2012, Ondrej Hamada wrote:
On 02/25/2012 08:30 PM, Alexander Bokovoy wrote:
On Thu, 23 Feb 2012, Ondrej Hamada wrote:
Option '--noac' was added. If set, the ipa-client-install will not call
authconfig for setting nsswitch.conf and PAM configuration. In
fact no configuration of nsswitch.conf or PAM would be done at
all.
https://fedorahosted.org/freeipa/ticket/2369
NACK.
According to the original request, authconfig will do
nsswitch/PAM configuration *after* ipa-client-install run so the
following check in ipa-client-install will fail with --noac:
+ #Check that nss is working properly
+ if not options.on_master:
+ n = 0
+ found = False
+ # Loop for up to 10 seconds to see if nss is working properly.
+ # It can sometimes take a few seconds to connect to the remote
provider.
+ # Particulary, SSSD might take longer than 6-8 seconds.
+ while n< 10 and not found:
+ try:
+ ipautil.run(["getent", "passwd", "admin"])
+ found = True
+ except Exception, e:
+ time.sleep(1)
+ n = n + 1
This check never happens with --noac. I've rechecked the indentation
(I admit it's badly visible in the patch file) and it's ok.
OK then. ACK.
Please, someone commit this path as my git trees are a bit in flux due
to trusts work and I'm deep in Samba 16-byte session key fixes right
now.
Simo pushed this to master and ipa-2-2
I added --noac to the ipa-client-install man page and pushed that under
the 1-liner rule.
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
