On 04/30/2013 10:42 AM, Petr Viktorin wrote: > On 04/23/2013 12:17 PM, Ana Krivokapic wrote: >> On 04/23/2013 12:06 AM, Rob Crittenden wrote: >>> Ana Krivokapic wrote: >>>> Do not display ports to open when password is incorrect during >>>> ipa-client-install >>>> >>>> https://fedorahosted.org/freeipa/ticket/3573 >>>> >>> >>> What happens if port 88 is not open so it can't connect to the KDC? >>> I'm not sure how the best way to determine one vs the other, I don't >>> think there are distinct return values. >>> >>> We could use the fact that Kerberos isn't translated to look for >>> specific strings maybe, but that is hackish and could break. >>> >>> rob >> >> The return value from kinit is always 1 in case of failure. So the only >> way to determine the reason for failure would be to look into the >> message string. I agree this is hackish as Rob pointed out. Personally, >> I am for leaving everything as it is now. In the case of incorrect >> password, the user _does_ get the message that the password was >> incorrect (kinit: Password incorrect while getting initial credentials). >> So I don't think that displaying the message about ports, in addition to >> this message, is confusing/misleading. > > I think displaying the error messages after the port information would > make it clearer that this is the reason for failed installation. >
I think this is a good compromise. Updated patch attached. -- Regards, Ana Krivokapic Associate Software Engineer FreeIPA team Red Hat Inc.
From 84b6a013ae79f8791ac9d6810698d4158a182ef5 Mon Sep 17 00:00:00 2001 From: Ana Krivokapic <akriv...@redhat.com> Date: Mon, 22 Apr 2013 17:09:47 +0200 Subject: [PATCH] Improve error message on failed Kerberos authentication When ipa client installation fails due to failed Kerberos authentication, make sure that the message about the failed authentication is displayed last. This makes it clear to the user that this was the reason for failed installation. https://fedorahosted.org/freeipa/ticket/3573 --- ipa-client/ipa-install/ipa-client-install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index a60124bb7873ff4a14cf7a02e778b94b832a6a0e..b60b5dff8be2f76ca8507a4323cf0c3e074275be 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -2066,9 +2066,9 @@ def install(options, env, fstore, statestore): stdin=stdin, env=env) if returncode != 0: + print_port_conf_info() root_logger.error("Kerberos authentication failed") root_logger.info("%s", stdout) - print_port_conf_info() return CLIENT_INSTALL_ERROR elif options.keytab: join_args.append("-f") @@ -2080,10 +2080,10 @@ def install(options, env, fstore, statestore): raiseonerr=False) if returncode != 0: + print_port_conf_info() root_logger.error("Kerberos authentication failed " "using keytab: %s", options.keytab) root_logger.info("%s", stdout) - print_port_conf_info() return CLIENT_INSTALL_ERROR else: root_logger.error("Keytab file could not be found: %s" -- 18.104.22.168
_______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel