[Freeipa-devel] [PATCH] 13 ipa-client-install not calling authconfig
Rob Crittenden
rcritten at redhat.com
Mon Mar 5 15:25:58 UTC 2012
Alexander Bokovoy wrote:
> On Sat, 25 Feb 2012, Ondrej Hamada wrote:
>> On 02/25/2012 08:30 PM, Alexander Bokovoy wrote:
>>> On Thu, 23 Feb 2012, Ondrej Hamada wrote:
>>>
>>>> Option '--noac' was added. If set, the ipa-client-install will not call
>>>> authconfig for setting nsswitch.conf and PAM configuration. In
>>>> fact no configuration of nsswitch.conf or PAM would be done at
>>>> all.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/2369
>>> NACK.
>>>
>>> According to the original request, authconfig will do
>>> nsswitch/PAM configuration *after* ipa-client-install run so the
>>> following check in ipa-client-install will fail with --noac:
>>>
>>>> + #Check that nss is working properly
>>>> + if not options.on_master:
>>>> + n = 0
>>>> + found = False
>>>> + # Loop for up to 10 seconds to see if nss is working properly.
>>>> + # It can sometimes take a few seconds to connect to the remote provider.
>>>> + # Particulary, SSSD might take longer than 6-8 seconds.
>>>> + while n< 10 and not found:
>>>> + try:
>>>> + ipautil.run(["getent", "passwd", "admin"])
>>>> + found = True
>>>> + except Exception, e:
>>>> + time.sleep(1)
>>>> + n = n + 1
>>>
>> This check never happens with --noac. I've rechecked the indentation
>> (I admit it's badly visible in the patch file) and it's ok.
> OK then. ACK.
>
> Please, someone commit this path as my git trees are a bit in flux due
> to trusts work and I'm deep in Samba 16-byte session key fixes right
> now.
>
Simo pushed this to master and ipa-2-2
I added --noac to the ipa-client-install man page and pushed that under
the 1-liner rule.
rob
More information about the Freeipa-devel
mailing list