[Freeipa-devel] Milestone 4 almost done

Rob Crittenden rcritten at redhat.com
Mon Oct 1 13:15:00 UTC 2007 

Karl MacMillan wrote:
> On Sun, 2007-09-30 at 13:28 -0400, Simo Sorce wrote:
>> On Fri, 2007-09-28 at 16:57 -0400, Karl MacMillan wrote:
>>> I'm planning on pushing out a milestone 4 release on Monday after doing
>>> some testing. Other than some pending patches from Kevin, anything else
>>> need to be merged for this release?
>> I am still having problems with apache and kerberos
>>
>> My debugging on the plane turns out to show that a call to the kerberos
>> library tells back that I have no delegated credentials (but klist shows
>> the ticket is forwardable).
>>
>> It would be nice to understand if it is something in my environment that
>> is wrong or if there is a more general problem and what causes it.
>>
>> On Monday I hope to have the time to install an F-7 from scratch and see
>> if I can install and make it working.
>>
> 
> Have you upgraded your mod_auth_kerb and installed the new PyKerberos
> that Rob posted Fri? That (and setting my hostname correctly) fixed all
> of my problems.
> 
> It would be great if you could test everything on Mon. and let me know
> if it works. If it does that would mean that at least 3 of us have
> everything working - which would count as well tested at this point :)
> 
>> Another problem we have and that we ditched so far is installing on
>> dirty systems. So far we thought we should not support it because we
>> install on clean systems. Yesterday (always on the plane) I found out
>> why we are wrong: I hit ctrl-c in the middle of the installation.
>> Rerunning ipa-server-install didn't work. This is not acceptable IMO.
>> Not sure if this should impact at all Milestone 4, comments are welcome.
>>
> 
> The only thing I have to do to reinstall is:
> 
> a) stop all of the ipa components
> b) delete the dirsrv instance
> 
> Does that match your experience? We could automate that, but I hesitate
> to delete data. Maybe offer to move aside the dirsrv instance data? Also
> - do we _really_ need the guid naming for the dirsrv instance. It is
> really a pain and I'm not convinced that we need uniqueness like that.

What we can do is detect another DS instance and simply refuse to do 
anything until it is gone. Let the user delete the data.

> Also - do we need a convenient way to start/stop all of the IPA related
> daemons?

I'm not sure why one would need to do this.


> Regardless, let's put some solution on the list of things to do, but not
> delay milestone 4.
> 

I agree.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071001/2f73b0eb/attachment.bin>

More information about the Freeipa-devel mailing list