On Mon, 2012-03-12 at 11:17 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Fri, 2012-03-09 at 14:18 +0100, Ondrej Hamada wrote: > >> https://fedorahosted.org/freeipa/ticket/2415 > >> https://fedorahosted.org/freeipa/ticket/1995 > >> > >> Added exception handler to certutil operation of adding CA to the > >> default NSS database. If operation fails, installation is aborted and > >> changes are rolled back. #2415 > >> > >> If obtaining host TGT fails, the installation is aborted and changes are > >> rolled back. #1995 > > > > ACK. Pushed to master, ipa-2-2. > > > > Martin > > I wonder if we need to add an escape for --force here. The kinit is just > to do things like nsupdate and add the SSH host keys. One might deem > those not critical. > > rob
This was a keytab kinit, as original ticket says a failure to get a correct keytab will make it impossible to login anyway as ldap binds from sssd will fail and auth verification will fail. This sounds pretty critical to me... Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel