diff options
| author | Martin Kosek <mkosek@redhat.com> | 2011-10-03 12:30:34 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-10-04 11:01:10 +0200 |
| commit | 651534087c1e45f4a3f501b80bc1b43dbef3a6a5 (patch) | |
| tree | 69a763f0c7e289c4c4fc10e2ef8010d95505a023 /install/tools/ipa-server-install | |
| parent | a013597e7c5ec4b6d665988d8aaaac941a7ff1a9 (diff) | |
| download | freeipa-651534087c1e45f4a3f501b80bc1b43dbef3a6a5.tar.gz freeipa-651534087c1e45f4a3f501b80bc1b43dbef3a6a5.tar.xz freeipa-651534087c1e45f4a3f501b80bc1b43dbef3a6a5.zip | |
Be more clear about selfsign option
Installing IPA server --selfsign option is currently a one-way ticket
to server with limited certificate capabilities. Make sure that user
really want to install it by implementing the following steps:
- moving the option to the bottom of certificate options section
- adding a warning to ipa-server-install man page
- adding a warning to ipa-server-install help
- adding a warning to ipa-server-install configuration summary
when one runs ipa-server-install
https://fedorahosted.org/freeipa/ticket/1908
Diffstat (limited to 'install/tools/ipa-server-install')
| -rwxr-xr-x | install/tools/ipa-server-install | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 504d6af50..7d961cb87 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -141,8 +141,6 @@ def parse_options(): parser.add_option_group(basic_group) cert_group = OptionGroup(parser, "certificate system options") - cert_group.add_option("", "--selfsign", dest="selfsign", action="store_true", - default=False, help="Configure a self-signed CA instance rather than a dogtag CA") cert_group.add_option("", "--external-ca", dest="external_ca", action="store_true", default=False, help="Generate a CSR to be signed by an external CA") cert_group.add_option("", "--external_cert_file", dest="external_cert_file", @@ -166,6 +164,9 @@ def parse_options(): cert_group.add_option("--subject", action="callback", callback=subject_callback, type="string", help="The certificate subject base (default O=<realm-name>)") + cert_group.add_option("", "--selfsign", dest="selfsign", action="store_true", + default=False, help="Configure a self-signed CA instance rather than a dogtag CA. " \ + "WARNING: Certificate management capabilities will be limited") parser.add_option_group(cert_group) dns_group = OptionGroup(parser, "DNS options") @@ -667,6 +668,11 @@ def main(): print "This program will set up the FreeIPA Server." print "" print "This includes:" + if options.selfsign: + print " * Configure NSS to handle a self-signed CA" + print " WARNING: certificate management capabilities will be limited" + else: + print " * Configure a stand-alone CA (dogtag) for certificate management" if options.conf_ntp: print " * Configure the Network Time Daemon (ntpd)" print " * Create and configure an instance of Directory Server" |