On 06/01/2010 02:43 PM, Rob Crittenden wrote:
I used python-krbV to get the configured kerberos realm so we could
clean up /etc/krb5.keytab. This is a bit heavy-weight for one line of
code. We can instead parse /etc/ipa/default.conf to get the same thing
without an additional Requires.
rob
Pat
I used python-krbV to get the configured kerberos realm so we could
clean up /etc/krb5.keytab. This is a bit heavy-weight for one line of
code. We can instead parse /etc/ipa/default.conf to get the same thing
without an additional Requires.
rob
freeipa-459-client.patch
Description: applicati
Pavel Zuna wrote:
On 05/28/2010 05:22 PM, Rob Crittenden wrote:
The preop.pin is used to authenticate the admin when doing CA
enrollment. We were assuming it would be available and things blow up
badly if not (we end up passing None as an argument to exec). If there
isn't a preop pin there is no
Pavel Zuna wrote:
On 05/27/2010 11:52 PM, Rob Crittenden wrote:
ipa-replica-manage can use the current kerberos credentials for some
commands now. To make it a bit nicer to use fall back to prompt for the
DM password if there are no credentials. I've found it handy to have
this in development.
Pavel Zuna wrote:
On 05/27/2010 07:04 PM, Rob Crittenden wrote:
For v2 upgrades we want the LDAP server to be quiet so we will shut it
down, disable its TCP listeners and bring it back up to update over
ldapi. This also enables autobind so we can bind as root and perform
operations as Directory
Pavel Zuna wrote:
On 05/27/2010 11:51 PM, Rob Crittenden wrote:
If a host is already enrolled (either as a client or a former replica)
then ipa-replica-install will fail spectacularly with an error about a
missing keytab. This is because some entries already exist and it
totally confuses things.
On 05/27/2010 11:51 PM, Rob Crittenden wrote:
If a host is already enrolled (either as a client or a former replica)
then ipa-replica-install will fail spectacularly with an error about a
missing keytab. This is because some entries already exist and it
totally confuses things. We need to start t
On 05/27/2010 07:04 PM, Rob Crittenden wrote:
For v2 upgrades we want the LDAP server to be quiet so we will shut it
down, disable its TCP listeners and bring it back up to update over
ldapi. This also enables autobind so we can bind as root and perform
operations as Directory Manager and not req
On 05/28/2010 05:22 PM, Rob Crittenden wrote:
The preop.pin is used to authenticate the admin when doing CA
enrollment. We were assuming it would be available and things blow up
badly if not (we end up passing None as an argument to exec). If there
isn't a preop pin there is no need to do anythin
On 05/27/2010 11:52 PM, Rob Crittenden wrote:
ipa-replica-manage can use the current kerberos credentials for some
commands now. To make it a bit nicer to use fall back to prompt for the
DM password if there are no credentials. I've found it handy to have
this in development.
I also fix up the e
10 matches
Mail list logo