[Freeipa-devel] [PATCH 0441] Configure httpd service from installer
Jan Cholasta
jcholast at redhat.com
Thu Mar 24 13:08:59 UTC 2016
On 18.3.2016 15:12, Martin Babinsky wrote:
> On 03/17/2016 05:36 PM, Martin Basti wrote:
>> https://fedorahosted.org/freeipa/ticket/5681
>>
>> Patch attached.
>>
>>
> Hi Martin,
>
> Nitpick attack:
>
> Please fix the commit message: "File httpd.service was created by RPM,
> what causes that httpd service may", should be "..., which causes"
>
> Otherwise the code looks good and works as expected.
>
> However, you still cannot start httpd.service after ipa-server
> uninstallation because some leftovers in /ipa/httpd/alias cause mod_nss
> to fail (see http error_log):
>
> """
> [Fri Mar 18 12:43:29.320276 2016] [suexec:notice] [pid 2033] AH01232:
> suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Fri Mar 18 12:43:29.320288 2016] [:warn] [pid 2033]
> NSSSessionCacheTimeout is deprecated. Ignoring.
> [Fri Mar 18 12:43:29.444287 2016] [:error] [pid 2033] Password for slot
> internal is incorrect.
> [Fri Mar 18 12:43:29.446090 2016] [:error] [pid 2033] NSS initialization
> failed. Certificate database: /etc/httpd/alias.
> [Fri Mar 18 12:43:29.446100 2016] [:error] [pid 2033] SSL Library Error:
> -8177 The security password entered is incorrect
>
> """
>
> I guess that this is beyond this patch, since I think it is related to
> https://fedorahosted.org/freeipa/ticket/4639 but I am not sure. CC'ing
> Jan who owns the ticket.
It seems so, on uninstall we restore mod_nss config, so httpd uses the
default password (whatever that is), but the database still uses the
password set by us on install.
--
Jan Cholasta
More information about the Freeipa-devel
mailing list