On Mon, 22 Nov 2010 13:34:57 -0500
Simo Sorce sso...@redhat.com wrote:
Fixes #527
Simo.
A copypaste from ipa-server-install was a bit too optimistic.
Attached a new patch that actually works (tested).
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From ee86bee78184bf7a647243492dfcd1a97e402545 Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Mon, 22 Nov 2010 13:29:56 -0500
Subject: [PATCH] Make pkinit setup optional in ipa-replica-prepare too.
Fixes: https://fedorahosted.org/freeipa/ticket/527
---
install/tools/ipa-replica-prepare |5 +
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index af768015510f47eacfd7643359216a9f49497020..d70741f1a1208ca6a2a1a6cad4d09ae4962b8040 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -242,6 +242,11 @@ def main():
api.bootstrap(in_server=True)
api.finalize()
+#Automatically disable pkinit w/ dogtag until that is supported
+#[certs.ipa_self_signed() must be called only after api.finalize()]
+if not options.pkinit_pkcs12 and not certs.ipa_self_signed():
+options.setup_pkinit = False
+
if options.ip_address:
if not bindinstance.dns_container_exists(api.env.host, api.env.realm):
print You can't add a DNS record because DNS is not set up.
--
1.7.3.2
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel