Re: [Freeipa-devel] [PATCH] 13 ipa-client-install not calling authconfig
On Sat, 25 Feb 2012, Ondrej Hamada wrote: On 02/25/2012 08:30 PM, Alexander Bokovoy wrote: On Thu, 23 Feb 2012, Ondrej Hamada wrote: Option '--noac' was added. If set, the ipa-client-install will not call authconfig for setting nsswitch.conf and PAM configuration. In fact no configuration of nsswitch.conf or PAM would be done at all. https://fedorahosted.org/freeipa/ticket/2369 NACK. According to the original request, authconfig will do nsswitch/PAM configuration *after* ipa-client-install run so the following check in ipa-client-install will fail with --noac: +#Check that nss is working properly +if not options.on_master: +n = 0 +found = False +# Loop for up to 10 seconds to see if nss is working properly. +# It can sometimes take a few seconds to connect to the remote provider. +# Particulary, SSSD might take longer than 6-8 seconds. +while n 10 and not found: +try: +ipautil.run([getent, passwd, admin]) +found = True +except Exception, e: +time.sleep(1) +n = n + 1 This check never happens with --noac. I've rechecked the indentation (I admit it's badly visible in the patch file) and it's ok. OK then. ACK. Please, someone commit this path as my git trees are a bit in flux due to trusts work and I'm deep in Samba 16-byte session key fixes right now. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 13 ipa-client-install not calling authconfig
Alexander Bokovoy wrote: On Sat, 25 Feb 2012, Ondrej Hamada wrote: On 02/25/2012 08:30 PM, Alexander Bokovoy wrote: On Thu, 23 Feb 2012, Ondrej Hamada wrote: Option '--noac' was added. If set, the ipa-client-install will not call authconfig for setting nsswitch.conf and PAM configuration. In fact no configuration of nsswitch.conf or PAM would be done at all. https://fedorahosted.org/freeipa/ticket/2369 NACK. According to the original request, authconfig will do nsswitch/PAM configuration *after* ipa-client-install run so the following check in ipa-client-install will fail with --noac: +#Check that nss is working properly +if not options.on_master: +n = 0 +found = False +# Loop for up to 10 seconds to see if nss is working properly. +# It can sometimes take a few seconds to connect to the remote provider. +# Particulary, SSSD might take longer than 6-8 seconds. +while n 10 and not found: +try: +ipautil.run([getent, passwd, admin]) +found = True +except Exception, e: +time.sleep(1) +n = n + 1 This check never happens with --noac. I've rechecked the indentation (I admit it's badly visible in the patch file) and it's ok. OK then. ACK. Please, someone commit this path as my git trees are a bit in flux due to trusts work and I'm deep in Samba 16-byte session key fixes right now. Simo pushed this to master and ipa-2-2 I added --noac to the ipa-client-install man page and pushed that under the 1-liner rule. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 13 ipa-client-install not calling authconfig
On Mon, 2012-03-05 at 16:04 +0200, Alexander Bokovoy wrote: On Sat, 25 Feb 2012, Ondrej Hamada wrote: On 02/25/2012 08:30 PM, Alexander Bokovoy wrote: On Thu, 23 Feb 2012, Ondrej Hamada wrote: Option '--noac' was added. If set, the ipa-client-install will not call authconfig for setting nsswitch.conf and PAM configuration. In fact no configuration of nsswitch.conf or PAM would be done at all. https://fedorahosted.org/freeipa/ticket/2369 NACK. According to the original request, authconfig will do nsswitch/PAM configuration *after* ipa-client-install run so the following check in ipa-client-install will fail with --noac: +#Check that nss is working properly +if not options.on_master: +n = 0 +found = False +# Loop for up to 10 seconds to see if nss is working properly. +# It can sometimes take a few seconds to connect to the remote provider. +# Particulary, SSSD might take longer than 6-8 seconds. +while n 10 and not found: +try: +ipautil.run([getent, passwd, admin]) +found = True +except Exception, e: +time.sleep(1) +n = n + 1 This check never happens with --noac. I've rechecked the indentation (I admit it's badly visible in the patch file) and it's ok. OK then. ACK. Please, someone commit this path as my git trees are a bit in flux due to trusts work and I'm deep in Samba 16-byte session key fixes right now. Pushed to 2.2 and master. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 13 ipa-client-install not calling authconfig
On Thu, 23 Feb 2012, Ondrej Hamada wrote: Option '--noac' was added. If set, the ipa-client-install will not call authconfig for setting nsswitch.conf and PAM configuration. In fact no configuration of nsswitch.conf or PAM would be done at all. https://fedorahosted.org/freeipa/ticket/2369 NACK. According to the original request, authconfig will do nsswitch/PAM configuration *after* ipa-client-install run so the following check in ipa-client-install will fail with --noac: +#Check that nss is working properly +if not options.on_master: +n = 0 +found = False +# Loop for up to 10 seconds to see if nss is working properly. +# It can sometimes take a few seconds to connect to the remote provider. +# Particulary, SSSD might take longer than 6-8 seconds. +while n 10 and not found: +try: +ipautil.run([getent, passwd, admin]) +found = True +except Exception, e: +time.sleep(1) +n = n + 1 -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 13 ipa-client-install not calling authconfig
On 02/25/2012 08:30 PM, Alexander Bokovoy wrote: On Thu, 23 Feb 2012, Ondrej Hamada wrote: Option '--noac' was added. If set, the ipa-client-install will not call authconfig for setting nsswitch.conf and PAM configuration. In fact no configuration of nsswitch.conf or PAM would be done at all. https://fedorahosted.org/freeipa/ticket/2369 NACK. According to the original request, authconfig will do nsswitch/PAM configuration *after* ipa-client-install run so the following check in ipa-client-install will fail with --noac: +#Check that nss is working properly +if not options.on_master: +n = 0 +found = False +# Loop for up to 10 seconds to see if nss is working properly. +# It can sometimes take a few seconds to connect to the remote provider. +# Particulary, SSSD might take longer than 6-8 seconds. +while n 10 and not found: +try: +ipautil.run([getent, passwd, admin]) +found = True +except Exception, e: +time.sleep(1) +n = n + 1 This check never happens with --noac. I've rechecked the indentation (I admit it's badly visible in the patch file) and it's ok. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
