On Tue, 2013-10-15 at 11:37 +0200, Martin Basti wrote:
> Added warning if cert. exists (client)
> 
> https://fedorahosted.org/freeipa/ticket/3944
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

Supress warning if user select /etc/ipa/ca.crt manually with
--ca-cert-file option

-- 
Martin Basti
>From 129183b1d8237eca61bd9219d7c44a84e1747cce Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 15 Oct 2013 11:31:49 +0200
Subject: [PATCH] Added warning if cert '/etc/ipa/ca.cert' exists

https://fedorahosted.org/freeipa/ticket/3944
---
 ipa-client/ipa-install/ipa-client-install | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 3c78c844b17468f347ef04198d58a12b11e4b4cb..00a45a8929783d3e0f71171a6a149f5633396f53 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1889,6 +1889,12 @@ def install(options, env, fstore, statestore):
         root_logger.warning("Option 'force-join' has no additional effect "
                             "when used with together with option 'keytab'.")
 
+    # Check if old certificate exist and show warning
+    if not options.ca_cert_file and get_cert_path(options.ca_cert_file) == CACERT:
+        root_logger.warning("Certificate '%s' exists and will be used. "
+                            "Make sure that certificate is valid (or remove it), "
+                            "otherwise client will not be able to join.", CACERT)
+
     # Create the discovery instance
     ds = ipadiscovery.IPADiscovery()
 
-- 
1.8.3.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to