On 04/27/2012 02:43 PM, John Dennis wrote:
On 04/27/2012 04:45 AM, Petr Spacek wrote:
On 04/26/2012 11:42 PM, Simo Sorce wrote:
On Thu, 2012-04-26 at 21:18 +0000, Steven Jones wrote:


I shutdown IPv6 as we dont do IPv6 and found that IPA wouldnt
work....slight oops there...

Hi Steve,
can you be more explicit on how you 'shutdown' IPv6 ?
And can you please tell exactly how IPA breaks in that case ?

Is this after IPA is fully installed ? Or does the installer fail ?


Is it same issue as described in
https://www.redhat.com/archives/freeipa-users/2012-April/msg00160.html ?

We do IPv6 in several places, but a while ago I noticed the way we iterate
over address families in nsslib in conjunction with getaddrinfo (the
io.AddrInfo class) looks dubious, it seems overly complex as if it's trying to
force a family selection (not sure, I would have to go back and really look at
the code again).
Family selection should not be enforced from our code, I think. This way can create hidden dependency based on our (probably wrong) assumptions.

In any event getaddrinfo is designed to return a list of possible addresses
sorted in priority order by the system. You're supposed to start at the first
address in the list and see if you can connect, if not try the next address.
You're not supposed to take addresses in the list based on some other criteria
(which is what we seem to be doing with the family).

FWIW, the raw c lib getaddrinfo allows one to specify constraints (such as
family), unfortunately NSPR (the wrapper around getaddrinfo in nsslib) does
not permit this, not sure why (probably because NSPR has to fallback to other
mechanisms if getaddrinfo is not available)

AFAIK "right place" to specify this kind of constraints is to use "/etc/gai.conf" configuration file. NSPR ignores it?

Petr^2 Spacek

Freeipa-users mailing list

Reply via email to