[Pki-devel] [PATCH] 199 Added interactive subsystem installation.
Ade Lee
alee at redhat.com
Tue Jan 8 20:25:42 UTC 2013
More feedback:
1. What does python -u do?
In general, the code changes look fine.
Ade
On Tue, 2013-01-08 at 14:53 -0500, Ade Lee wrote:
> Some immediate feedback.
>
> 1. We ought to have some code to ensure that only one invocation of
> pkispawn or pkidestroy is running at a time. This is important for
> selinux. Maybe this is a separate ticket.
>
> 2. We should prompt for passwords twice and confirm that the passwords
> match (as they are not displayed).
>
> 3. After all inputs are entered, it would be good to output something
> like "Starting installation ...". It would also be good to print out
> the choices made, and allow them to go back and change them by typing
> "back" - just like DS does.
>
> 4. Man page for pkispawn and pkidestroy needs to be updated. Similarly
> for pkispawn -h.
>
> 5. For subsystem type - entering something incorrect - like RAT for
> example, causes an unsightly traceback.
>
> 6. When installing a KRA, you are prompted for a security domain admin
> certificate --why?
>
> 7. When installing KRA (and OCSP and TKS), you need to be prompted for
> connection info to two CA's -- the security domain CA, and the issuing
> CA. These need not be the same.
>
> 8. How do you handle the admin cert ie. whether to create a new admin or
> reuse the cert of an old admin? I suspect this is related to question 6
> above.
>
> 9. It would be nice if the interactive script wrong out a config file
> (maybe with passwords XXX'ed out) after the install.
>
> Looking at code next ...
>
>
>
>
> On Fri, 2013-01-04 at 05:11 +0700, Endi Sukma Dewata wrote:
> > On 1/3/2013 7:58 PM, Endi Sukma Dewata wrote:
> > > The pkispawn has been modified such that if there is no configuration
> > > file specified it will enter an interactive mode.
> > >
> > > Ticket #380
> > >
> > > The pkidestroy will be modified in a separate patch.
> >
> > Nevermind. The new patch contains cleanups and the pkidestroy changes.
> >
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list