[Freeipa-devel] [PATCH] 703 389-ds startup with krb config

Rob Crittenden rcritten at redhat.com
Thu Feb 10 21:32:48 UTC 2011 

Jakub Hrozek wrote:
> On Tue, Feb 08, 2011 at 10:12:27AM -0500, Rob Crittenden wrote:
>> If /etc/krb5.conf doesn't exist or contains no default kerberos
>> realm then 389-ds won't start at all. This is a problem during
>> installation because we configure 389 first.
>>
>> This patch will let the server come up, you just won't be able to do
>> any joins or password changes until you configure kerberos.
>>
>> ticket 606
>>
>> rob
>
>
> I wasn't able to install with this patch when I had no /etc/krb5.conf at
> all.
>
> Here's what the DS error log said:
> ---
> 10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
> ipa_enrollment.c, line 389]: Failed to get default realm?!
> [10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
> ipa_enrollment_extop
> [10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
> ipa_enrollment.c, line 389]: Failed to get default realm?!
> [10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
> ipa_enrollment_extop
> [10/Feb/2011:07:30:36 -0500] ipaenrollment_start - [file
> ipa_enrollment.c, line 389]: Failed to get default realm?!
> [10/Feb/2011:07:30:36 -0500] - Failed to start extendedop plugin
> ipa_enrollment_extop
> ---
>
> Looking at ipaenrollment_start(), it looks like the culprit is that when
> krb5_get_default_realm() fails, ret is set to an error code and
> returned. It should be either reset to LDAP_SUCCESS or maybe rc should
> be used instead.
>
> Also one nitpick. This:
>
> -static char *realm;
> -static const char *ipa_realm_dn;
> +static char *realm = NULL;
> +static const char *ipa_realm_dn = NULL;
>
> Is not neccessary, global variables are initialized to NULL
> automatically.

Updated patch attached. I was able to do full install with this one.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-703-2-startup.patch
Type: application/mbox
Size: 6142 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110210/50f47a7b/attachment.mbox>

More information about the Freeipa-devel mailing list