summaryrefslogtreecommitdiffstats
path: root/ipa-client/ipa-install
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-09-21 15:57:46 -0400
committerRob Crittenden <rcritten@redhat.com>2010-09-23 12:03:11 -0400
commit2a85755968555de3c7da46f9eade88b216da7377 (patch)
treec314613ae5a3fa7ed343b288bda48aa438955165 /ipa-client/ipa-install
parenta7ba867438760b86ccb6c57e8e2d1a64ef9158e5 (diff)
downloadfreeipa-2a85755968555de3c7da46f9eade88b216da7377.tar.gz
freeipa-2a85755968555de3c7da46f9eade88b216da7377.tar.xz
freeipa-2a85755968555de3c7da46f9eade88b216da7377.zip
Add minimal client configuration for when we eventually get to PKINIT
Also move the unenroll to clients only. This isn't necessary on the master ticket 53
Diffstat (limited to 'ipa-client/ipa-install')
-rwxr-xr-xipa-client/ipa-install/ipa-client-install21
1 files changed, 13 insertions, 8 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index bded567bc..fb4f3c19f 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -211,11 +211,12 @@ def uninstall(options, env):
except:
print "Failed to disable automatic startup of the certmonger daemon"
- print "Unenrolling client from IPA server"
- join_args = ["/usr/sbin/ipa-join", "--unenroll"]
- (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env)
- if returncode != 0:
- print "Unenrolling host failed: %s" % stderr
+ if not options.on_master:
+ print "Unenrolling client from IPA server"
+ join_args = ["/usr/sbin/ipa-join", "--unenroll"]
+ (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env)
+ if returncode != 0:
+ print "Unenrolling host failed: %s" % stderr
print "Removing Kerberos service principals from /etc/krb5.keytab"
try:
@@ -416,9 +417,13 @@ def configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
kropts =[{'name':'kdc', 'type':'option', 'value':cli_server+':88'},
{'name':'admin_server', 'type':'option', 'value':cli_server+':749'},
{'name':'default_domain', 'type':'option', 'value':cli_domain}]
- ropts = [{'name':cli_realm, 'type':'subsection', 'value':kropts}]
- opts.append({'name':'realms', 'type':'section', 'value':ropts})
- opts.append({'name':'empty', 'type':'empty'})
+ else:
+ kropts = []
+ kropts.append({'name':'pkinit_anchors', 'type':'option', 'value':'FILE:/etc/ipa/ca.crt'})
+ ropts = [{'name':cli_realm, 'type':'subsection', 'value':kropts}]
+
+ opts.append({'name':'realms', 'type':'section', 'value':ropts})
+ opts.append({'name':'empty', 'type':'empty'})
#[domain_realm]
dropts = [{'name':'.'+cli_domain, 'type':'option', 'value':cli_realm},