[Freeipa-devel] reason for re-install failure

Karl MacMillan kmacmill at redhat.com
Tue Sep 11 18:25:50 UTC 2007 

On Mon, 2007-09-10 at 16:11 -0400, Rob Crittenden wrote:
> Karl MacMillan wrote:
> > On Mon, 2007-09-10 at 09:41 -0400, Rob Crittenden wrote:
> >> Simo Sorce wrote:
> >>> On Mon, 2007-09-10 at 09:30 -0400, Karl MacMillan wrote:
> >>>> On Mon, 2007-09-10 at 09:24 -0400, Rob Crittenden wrote:
> >>>>> Karl MacMillan wrote:
> >>>>>> On Fri, 2007-09-07 at 16:07 -0400, Simo Sorce wrote:
> >>>>>>> On Fri, 2007-09-07 at 15:47 -0400, Rob Crittenden wrote:
> >>>>>>>> I ran into the "fail on re-install" problem where the install fails on a 
> >>>>>>>> kadmin timeout.
> >>>>>>>>
> >>>>>>>> The problem is that the installation appends the new password to 
> >>>>>>>> /var/kerberos/krb5kdc/ldappwd. This can lead to duplicate entries and it 
> >>>>>>>> apparently makes things flip out. I just removed that file and the 
> >>>>>>>> re-install went fine.
> >>>>>>> Ok this maybe seen as a bug, should we backup and move the original file
> >>>>>>> on installation ?
> >>>>>>>
> >>>>>>> Simo.
> >>>>>> Nah - I think we should just have a set of re-install diections that
> >>>>>> tell how to remove FDS instances and fix this problem.
> >>>>>>
> >>>>>> Karl
> >>>>>>
> >>>>> It's really a kerberos bug. I think we should simply replace any 
> >>>>> existing entries. We have a very specific DN in there. Replacing it is 
> >>>>> likely the right thing to do.
> >>>>>
> >>>> I'm fine with that - I was only trying to avoid really solving the
> >>>> reinstall problem. I think it is just too hard to get right and will eat
> >>>> up a lot of time.
> >>>>
> >>>> So, you are suggesting intelligently editing that file if it exists
> >>>> rather than replacing?
> >>> No, just replacing it, and, perhaps backup-ing the original one.
> >>> ldappwd contains just one line.
> >>>
> >>> Simo.
> >>>
> >> Yup, in theory this is right. I think this file falls under the "we own 
> >> it, we'll do what we want" category.
> >>
> > 
> > The attached patch should fix this, correct?
> > 
> > Karl
> > 
> 
> Yup, +1.
> 

Pushed - Karl
> rob

More information about the Freeipa-devel mailing list