[Freeipa-devel] [PATCH] 703 389-ds startup with krb config
Jakub Hrozek
jhrozek at redhat.com
Thu Feb 10 12:41:13 UTC 2011
On Tue, Feb 08, 2011 at 10:12:27AM -0500, Rob Crittenden wrote:
> If /etc/krb5.conf doesn't exist or contains no default kerberos
> realm then 389-ds won't start at all. This is a problem during
> installation because we configure 389 first.
>
> This patch will let the server come up, you just won't be able to do
> any joins or password changes until you configure kerberos.
>
> ticket 606
>
> rob
I wasn't able to install with this patch when I had no /etc/krb5.conf at
all.
Here's what the DS error log said:
---
10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
ipa_enrollment.c, line 389]: Failed to get default realm?!
[10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
ipa_enrollment_extop
[10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
ipa_enrollment.c, line 389]: Failed to get default realm?!
[10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
ipa_enrollment_extop
[10/Feb/2011:07:30:36 -0500] ipaenrollment_start - [file
ipa_enrollment.c, line 389]: Failed to get default realm?!
[10/Feb/2011:07:30:36 -0500] - Failed to start extendedop plugin
ipa_enrollment_extop
---
Looking at ipaenrollment_start(), it looks like the culprit is that when
krb5_get_default_realm() fails, ret is set to an error code and
returned. It should be either reset to LDAP_SUCCESS or maybe rc should
be used instead.
Also one nitpick. This:
-static char *realm;
-static const char *ipa_realm_dn;
+static char *realm = NULL;
+static const char *ipa_realm_dn = NULL;
Is not neccessary, global variables are initialized to NULL
automatically.
More information about the Freeipa-devel
mailing list