[Freeipa-devel] [PATCH] 13 ipa-client-install not calling authconfig
Ondrej Hamada
ohamada at redhat.com
Sat Feb 25 19:38:40 UTC 2012
On 02/25/2012 08:30 PM, Alexander Bokovoy wrote:
> On Thu, 23 Feb 2012, Ondrej Hamada wrote:
>
>> Option '--noac' was added. If set, the ipa-client-install will not call
>> authconfig for setting nsswitch.conf and PAM configuration. In
>> fact no configuration of nsswitch.conf or PAM would be done at
>> all.
>>
>> https://fedorahosted.org/freeipa/ticket/2369
> NACK.
>
> According to the original request, authconfig will do
> nsswitch/PAM configuration *after* ipa-client-install run so the
> following check in ipa-client-install will fail with --noac:
>
>> + #Check that nss is working properly
>> + if not options.on_master:
>> + n = 0
>> + found = False
>> + # Loop for up to 10 seconds to see if nss is working properly.
>> + # It can sometimes take a few seconds to connect to the remote provider.
>> + # Particulary, SSSD might take longer than 6-8 seconds.
>> + while n< 10 and not found:
>> + try:
>> + ipautil.run(["getent", "passwd", "admin"])
>> + found = True
>> + except Exception, e:
>> + time.sleep(1)
>> + n = n + 1
>
This check never happens with --noac. I've rechecked the indentation (I
admit it's badly visible in the patch file) and it's ok.
--
Regards,
Ondrej Hamada
FreeIPA team
jabber: ohama at jabbim.cz
IRC: ohamada
More information about the Freeipa-devel
mailing list