Hello,

The attached patch should improve handling of client re-enrollment
related options of ipa-client-install.

https://fedorahosted.org/freeipa/ticket/3686

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

From 73b05c853b126f87571e56a54b681e40cfe751b3 Mon Sep 17 00:00:00 2001
From: Ana Krivokapic <akriv...@redhat.com>
Date: Wed, 5 Jun 2013 15:52:47 +0200
Subject: [PATCH] Improve handling of options in ipa-client-install

Improve handling of command line options related to forced client re-enrollment
in ipa-client-install:

* Make --keytab and --principal options mutually exclusive.
* Warn that using --force-join together with --keytab provides no additional
  functionality.

https://fedorahosted.org/freeipa/ticket/3686
---
 ipa-client/ipa-install/ipa-client-install | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index e86564dddef66ed1a75f9711de0c80b1820ee154..a5ba46cfcb1f60cf6e44a711f16de56ae8c0d71b 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1844,6 +1844,15 @@ def install(options, env, fstore, statestore):
                 "nss_ldap or nss-pam-ldapd")
             return CLIENT_INSTALL_ERROR
 
+    if options.keytab and options.principal:
+        root_logger.error("Options 'principal' and 'keytab' cannot be used "
+                          "together.")
+        return CLIENT_INSTALL_ERROR
+
+    if options.keytab and options.force_join:
+        root_logger.warning("Option 'force-join' has no additional effect "
+                            "when used with together with option 'keytab'.")
+
     # Create the discovery instance
     ds = ipadiscovery.IPADiscovery()
 
-- 
1.8.1.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to