On 03/07/2013 04:27 PM, Tomas Babej wrote:
On 03/07/2013 04:12 PM, Petr Viktorin wrote:
Thanks! I just have two more very minor nitpicks.
On 03/06/2013 01:04 PM, Tomas Babej wrote:
On 03/05/2013 02:10 PM, Petr Viktorin wrote:
Thanks! The mechanism works, but see below.
This is a RFE so it needs a design document.
Please also add the link to the commit message.
I think you answered Petr²'s security questions adequately.
Petr, note that this is a client-side change; if the keytab is
compromised the attacker can do all this manually anyway.
diff --git a/ipa-client/ipa-install/ipa-client-install
@@ -104,6 +104,8 @@ def parse_options():
@@ -1691,8 +1693,12 @@ def install(options, env, fstore, statestore):
- if options.unattended and (options.password is None and
options.principal is None and options.prompt_password is False) and
- root_logger.error("One of password and principal are
+ if options.unattended and ((options.password is None and
+ options.principal is None and
+ options.keytab is None and
+ options.prompt_password is False)\
+ and not options.on_master):
Please also remove the inner parentheses and the backslash.
Both fixed, updated patch attached.
Freeipa-devel mailing list