diff options
| author | Simo Sorce <ssorce@redhat.com> | 2008-09-17 09:45:00 -0400 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2008-09-18 17:27:41 -0400 |
| commit | c11157246757a9b00c7bd8d6c5cc870b844b2fc2 (patch) | |
| tree | 53b6df32f3a947b836aa7316d0dd071e7605948a | |
| parent | 7ea485fc42df146cbc2537ce768723a1049da291 (diff) | |
| download | freeipa-c11157246757a9b00c7bd8d6c5cc870b844b2fc2.tar.gz freeipa-c11157246757a9b00c7bd8d6c5cc870b844b2fc2.tar.xz freeipa-c11157246757a9b00c7bd8d6c5cc870b844b2fc2.zip | |
We were assuming that, if the realm was correct then also the
rest of the krb5.conf configuration were. This clearly breaks
with the default EXAMPLE.COM realm configuratrion. Furthermore
it makes it not possible to try to 'fix' an installation by
rerruninng ipa-client-install
This patch removes the special case and avoids krb5.conf only
if the on_master flag is passed.
Fix also one inner 'if' statement to be simpler to understand.
| -rw-r--r-- | ipa-client/ipa-install/ipa-client-install | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index eec36e4e3..cd5bfdde1 100644 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -271,11 +271,8 @@ def main(): print "Creation of /etc/ldap.conf: " + str(e) return 1 - #Check if kerberos is already configured properly - krbctx = krbV.default_context() - # If we find our domain assume we are properly configured - #(ex. we are configuring the client side of a Master) - if not options.on_master and (not krbctx.default_realm == cli_realm or options.force): + #If on master assume kerberos is already configured properly. + if not options.on_master: #Configure krb5.conf krbconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer") @@ -289,12 +286,12 @@ def main(): #[libdefaults] libopts = [{'name':'default_realm', 'type':'option', 'value':cli_realm}] - if dnsok and not options.force and not options.on_master: - libopts.append({'name':'dns_lookup_realm', 'type':'option', 'value':'true'}) - libopts.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'true'}) - else: + if not dnsok or options.force: libopts.append({'name':'dns_lookup_realm', 'type':'option', 'value':'false'}) libopts.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'false'}) + else: + libopts.append({'name':'dns_lookup_realm', 'type':'option', 'value':'true'}) + libopts.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'true'}) libopts.append({'name':'ticket_lifetime', 'type':'option', 'value':'24h'}) libopts.append({'name':'forwardable', 'type':'option', 'value':'yes'}) |