diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-09-21 15:57:46 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-09-23 12:03:11 -0400 |
| commit | 2a85755968555de3c7da46f9eade88b216da7377 (patch) | |
| tree | c314613ae5a3fa7ed343b288bda48aa438955165 | |
| parent | a7ba867438760b86ccb6c57e8e2d1a64ef9158e5 (diff) | |
| download | freeipa-2a85755968555de3c7da46f9eade88b216da7377.tar.gz freeipa-2a85755968555de3c7da46f9eade88b216da7377.tar.xz freeipa-2a85755968555de3c7da46f9eade88b216da7377.zip | |
Add minimal client configuration for when we eventually get to PKINIT
Also move the unenroll to clients only. This isn't necessary on the master
ticket 53
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index bded567bc..fb4f3c19f 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -211,11 +211,12 @@ def uninstall(options, env): except: print "Failed to disable automatic startup of the certmonger daemon" - print "Unenrolling client from IPA server" - join_args = ["/usr/sbin/ipa-join", "--unenroll"] - (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env) - if returncode != 0: - print "Unenrolling host failed: %s" % stderr + if not options.on_master: + print "Unenrolling client from IPA server" + join_args = ["/usr/sbin/ipa-join", "--unenroll"] + (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env) + if returncode != 0: + print "Unenrolling host failed: %s" % stderr print "Removing Kerberos service principals from /etc/krb5.keytab" try: @@ -416,9 +417,13 @@ def configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d kropts =[{'name':'kdc', 'type':'option', 'value':cli_server+':88'}, {'name':'admin_server', 'type':'option', 'value':cli_server+':749'}, {'name':'default_domain', 'type':'option', 'value':cli_domain}] - ropts = [{'name':cli_realm, 'type':'subsection', 'value':kropts}] - opts.append({'name':'realms', 'type':'section', 'value':ropts}) - opts.append({'name':'empty', 'type':'empty'}) + else: + kropts = [] + kropts.append({'name':'pkinit_anchors', 'type':'option', 'value':'FILE:/etc/ipa/ca.crt'}) + ropts = [{'name':cli_realm, 'type':'subsection', 'value':kropts}] + + opts.append({'name':'realms', 'type':'section', 'value':ropts}) + opts.append({'name':'empty', 'type':'empty'}) #[domain_realm] dropts = [{'name':'.'+cli_domain, 'type':'option', 'value':cli_realm}, |