[Freeipa-devel] [PATCH] 0005 Always qualify requests for admin in ipa-replica-conncheck
Martin Basti
mbasti at redhat.com
Tue Jun 7 16:23:37 UTC 2016
On 07.06.2016 17:25, Florence Blanc-Renaud wrote:
> On 06/06/2016 07:18 PM, Martin Basti wrote:
>>
>>
>>
>> On 02.06.2016 14:58, Florence Blanc-Renaud wrote:
>>>
>>> Hi,
>>>
>>> this patch modifies ipa-replica-conncheck when it performs the SSH
>>> connection to the master, so that the username is always fully
>>> qualified.
>>>
>>> https://fedorahosted.org/freeipa/ticket/5812
>>> --
>>> Florence Blanc-Renaud
>>> Identity Management Team, Red Hat
>>>
>>>
>>
>> LGTM, but because current issues with replica install in master
>> branch, I couldn't test it and I would like to be sure that
>> ipa-replica-install using NTP will work too
>>
>>
>> Just little nitpick, for better readibility, 'command' should be on
>> new line
>> - '%s@%s' % (self.user, self.addr), command
>> + '-o User=%s' % self.user,
>> + '%s' % self.addr, command
>>
>> Martin^2
>
> Hi Martin,
>
> thanks for the review. I am attaching a new patch with your
> suggestion. Just for my record, what would be the command-line options
> to test the scenario you're referring to?
>
> Flo.
>
Hello,
scenario is:
1. install server
2. create host entry with OTP (ipa host-add replica.hostname
--password=OTPpasswd)
3. add host to ipaservers group (ipa hostgroup-add-member ipaservers
--hosts=replica.hostname)
4. install replica (ipa-replica-install --server <hostname of master>
--domain <domain name of master> --password=OTPpasswd)
Martin^2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160607/ffa3ba67/attachment.htm>
More information about the Freeipa-devel
mailing list