Thanks! I just have two more very minor nitpicks.
On 03/06/2013 01:04 PM, Tomas Babej wrote:
On 03/05/2013 02:10 PM, Petr Viktorin wrote:
Thanks! The mechanism works, but see below.
This is a RFE so it needs a design document.
Please also add the link to the commit message.
I think you answered Petr²'s security questions adequately.
Petr, note that this is a client-side change; if the keytab is
compromised the attacker can do all this manually anyway.
diff --git a/ipa-client/ipa-install/ipa-client-install
@@ -104,6 +104,8 @@ def parse_options():
@@ -1691,8 +1693,12 @@ def install(options, env, fstore, statestore):
- if options.unattended and (options.password is None and options.principal
is None and options.prompt_password is False) and not options.on_master:
- root_logger.error("One of password and principal are required.")
+ if options.unattended and ((options.password is None and
+ options.principal is None and
+ options.keytab is None and
+ options.prompt_password is False)\
+ and not options.on_master):
Please also remove the inner parentheses and the backslash.
Freeipa-devel mailing list