[Pki-devel] [PATCH] 199 Added interactive subsystem installation.
Ade Lee
alee at redhat.com
Tue Jan 8 19:53:00 UTC 2013
Some immediate feedback.
1. We ought to have some code to ensure that only one invocation of
pkispawn or pkidestroy is running at a time. This is important for
selinux. Maybe this is a separate ticket.
2. We should prompt for passwords twice and confirm that the passwords
match (as they are not displayed).
3. After all inputs are entered, it would be good to output something
like "Starting installation ...". It would also be good to print out
the choices made, and allow them to go back and change them by typing
"back" - just like DS does.
4. Man page for pkispawn and pkidestroy needs to be updated. Similarly
for pkispawn -h.
5. For subsystem type - entering something incorrect - like RAT for
example, causes an unsightly traceback.
6. When installing a KRA, you are prompted for a security domain admin
certificate --why?
7. When installing KRA (and OCSP and TKS), you need to be prompted for
connection info to two CA's -- the security domain CA, and the issuing
CA. These need not be the same.
8. How do you handle the admin cert ie. whether to create a new admin or
reuse the cert of an old admin? I suspect this is related to question 6
above.
9. It would be nice if the interactive script wrong out a config file
(maybe with passwords XXX'ed out) after the install.
Looking at code next ...
On Fri, 2013-01-04 at 05:11 +0700, Endi Sukma Dewata wrote:
> On 1/3/2013 7:58 PM, Endi Sukma Dewata wrote:
> > The pkispawn has been modified such that if there is no configuration
> > file specified it will enter an interactive mode.
> >
> > Ticket #380
> >
> > The pkidestroy will be modified in a separate patch.
>
> Nevermind. The new patch contains cleanups and the pkidestroy changes.
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list