[Freeipa-devel] [PATCH 0026] ipa-server-install: deprecate manual setting of master KDC password

Wed, 01 Apr 2015 08:08:46 -0700 

https://fedorahosted.org/freeipa/ticket/4516

--
Martin^3 Babinsky

From 4237d0d11ab6fd34d066dba3f3d72bfa8c8a52d8 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Tue, 31 Mar 2015 10:02:52 +0200
Subject: [PATCH] ipa-server-install: deprecate manual setting of master KDC
 password

Option '-P' was used in older version of FreeIPA to set up KDC master password
during server install. This is no longer neccessary or desirable since the
password of sufficient strength can be generated automatically during
installation.

https://fedorahosted.org/freeipa/ticket/4516
---
 install/tools/ipa-server-install       | 8 +++++++-
 install/tools/man/ipa-server-install.1 | 8 +++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 56a43770d95387762bce09634bd1056ba7f20576..9f237b8fcd9d21604b3ef4e0ada0e5427cd0e162 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -167,7 +167,7 @@ def parse_options():
                       sensitive=True, help="Directory Manager password")
     basic_group.add_option("-P", "--master-password",
                       dest="master_password", sensitive=True,
-                      help="kerberos master password (normally autogenerated)")
+                      help=SUPPRESS_HELP)
     basic_group.add_option("-a", "--admin-password",
                       sensitive=True, dest="admin_password",
                       help="admin user kerberos password")
@@ -697,6 +697,12 @@ def main():
     signal.signal(signal.SIGTERM, signal_handler)
     signal.signal(signal.SIGINT, signal_handler)
 
+    if options.master_password:
+        msg = ("WARNING:\noption '-P/--master-password' is deprecated. "
+               "KDC master password of sufficient strength is autogenerated "
+               "during IPA server installation and should not be set "
+               "manually.")
+        print textwrap.fill(msg, width=79, replace_whitespace=False)
     if options.uninstall:
         uninstalling = True
         standard_logging_setup(paths.IPASERVER_UNINSTALL_LOG, debug=options.debug)
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index e5224b110b136cbf56bf82887709a46880f22e89..1eaed72119a9cd2f9876d3dc3c4a662782c18a36 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -36,9 +36,6 @@ Your DNS domain name
 \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR
 The password to be used by the Directory Server for the Directory Manager user
 .TP
-\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR
-The kerberos master password (normally autogenerated)
-.TP
 \fB\-a\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
 The password for the IPA admin user
 .TP
@@ -176,6 +173,11 @@ Uninstall an existing IPA installation
 \fB\-U\fR, \fB\-\-unattended\fR
 An unattended uninstallation that will never prompt for user input
 
+.SH "DEPRECATED OPTIONS"
+.TP
+\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR
+The kerberos master password (normally autogenerated).
+
 .SH "EXIT STATUS"
 0 if the (un)installation was successful
 
-- 
2.1.0


-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to