[Freeipa-devel] Milestone 4 almost done

Karl MacMillan kmacmill at redhat.com
Sun Sep 30 22:15:49 UTC 2007 

On Sun, 2007-09-30 at 13:28 -0400, Simo Sorce wrote:
> On Fri, 2007-09-28 at 16:57 -0400, Karl MacMillan wrote:
> > I'm planning on pushing out a milestone 4 release on Monday after doing
> > some testing. Other than some pending patches from Kevin, anything else
> > need to be merged for this release?
> 
> I am still having problems with apache and kerberos
> 
> My debugging on the plane turns out to show that a call to the kerberos
> library tells back that I have no delegated credentials (but klist shows
> the ticket is forwardable).
> 
> It would be nice to understand if it is something in my environment that
> is wrong or if there is a more general problem and what causes it.
> 
> On Monday I hope to have the time to install an F-7 from scratch and see
> if I can install and make it working.
> 

Have you upgraded your mod_auth_kerb and installed the new PyKerberos
that Rob posted Fri? That (and setting my hostname correctly) fixed all
of my problems.

It would be great if you could test everything on Mon. and let me know
if it works. If it does that would mean that at least 3 of us have
everything working - which would count as well tested at this point :)

> Another problem we have and that we ditched so far is installing on
> dirty systems. So far we thought we should not support it because we
> install on clean systems. Yesterday (always on the plane) I found out
> why we are wrong: I hit ctrl-c in the middle of the installation.
> Rerunning ipa-server-install didn't work. This is not acceptable IMO.
> Not sure if this should impact at all Milestone 4, comments are welcome.
> 

The only thing I have to do to reinstall is:

a) stop all of the ipa components
b) delete the dirsrv instance

Does that match your experience? We could automate that, but I hesitate
to delete data. Maybe offer to move aside the dirsrv instance data? Also
- do we _really_ need the guid naming for the dirsrv instance. It is
really a pain and I'm not convinced that we need uniqueness like that.

Also - do we need a convenient way to start/stop all of the IPA related
daemons?

Regardless, let's put some solution on the list of things to do, but not
delay milestone 4.

Karl

More information about the Freeipa-devel mailing list