[Freeipa-devel] [PATCH] 0020 Make pkinit optional in ipa-replica-prepare
Fixes #527 Simo. -- Simo Sorce * Red Hat, Inc * New York From ea5b717d0db97c33a62239319baddf80aeeb5dba Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Mon, 22 Nov 2010 13:29:56 -0500 Subject: [PATCH] Make pkinit setup optional in ipa-replica-prepare too. Fixes: https://fedorahosted.org/freeipa/ticket/527 --- install/tools/ipa-replica-prepare |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index af768015510f47eacfd7643359216a9f49497020..bafb89e45d1e2dc219de9dc7bc568596e5030ad6 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -84,6 +84,10 @@ def parse_options(): if len(args) != 1: parser.error(must provide the fully-qualified name of the replica) +#Automatically disable pkinit w/ dogtag until that is supported +if not options.pkinit_pkcs12 and not options.selfsign: +options.setup_pkinit = False + return options, args def get_subject_base(host_name, dm_password, suffix): -- 1.7.3.2 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
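Review bot: The new condition in parse_options() reads `options.selfsign`, but this diff adds no matching option to the parser and the hunk shows nowhere that it is defined. If ipa-replica-prepare does not already declare it, the check fails with AttributeError whenever `pkinit_pkcs12` is unset. Either add the option in the same patch or determine the self-signed state from the installation itself rather than from a command-line flag. Separately, `options.setup_pkinit = False` overrides the setting without any message; print or log a line so the administrator knows the replica file was prepared without pkinit.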
Re: [Freeipa-devel] [PATCH] 0020 Make pkinit optional in ipa-replica-prepare
Simo Sorce wrote:
> Fixes #527
> Simo.

There is no selfsign option in ipa-replica-prepare. At best you can detect whether it is selfsigned by calling certs.ipa_self_signed().

rob
Re: [Freeipa-devel] [PATCH] 0020 Make pkinit optional in ipa-replica-prepare
On Mon, 22 Nov 2010 13:34:57 -0500 Simo Sorce sso...@redhat.com wrote: Fixes #527 Simo. A copypaste from ipa-server-install was a bit too optimistic. Attached a new patch that actually works (tested). Simo. -- Simo Sorce * Red Hat, Inc * New York From ee86bee78184bf7a647243492dfcd1a97e402545 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Mon, 22 Nov 2010 13:29:56 -0500 Subject: [PATCH] Make pkinit setup optional in ipa-replica-prepare too. Fixes: https://fedorahosted.org/freeipa/ticket/527 --- install/tools/ipa-replica-prepare |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index af768015510f47eacfd7643359216a9f49497020..d70741f1a1208ca6a2a1a6cad4d09ae4962b8040 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -242,6 +242,11 @@ def main(): api.bootstrap(in_server=True) api.finalize() +#Automatically disable pkinit w/ dogtag until that is supported +#[certs.ipa_self_signed() must be called only after api.finalize()] +if not options.pkinit_pkcs12 and not certs.ipa_self_signed(): +options.setup_pkinit = False + if options.ip_address: if not bindinstance.dns_container_exists(api.env.host, api.env.realm): print You can't add a DNS record because DNS is not set up. -- 1.7.3.2 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
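Review bot: In main(), `options.setup_pkinit = False` is applied silently whenever no `pkinit_pkcs12` is given and certs.ipa_self_signed() returns false, so an administrator who expected pkinit gets a replica file without it and no indication why. Print a short notice in that branch, and name in the comment the ticket that tracks dogtag support so the workaround can be found and removed later. The ordering constraint on certs.ipa_self_signed() relative to api.finalize() is documented in the comment, which helps; also confirm that `certs` is imported in this script, since the hunk does not show it.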