| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
We need to check all Kerberos ports both TCP and UDP transports.
Since we have the PKI proxy configuration all communication with the CA happens
on the standard 80/443 ports so we need to check them always.
We do not need to leave the old CA ports open. These ports are still used
locally but not over the network.
|
|
|
|
|
|
|
| |
Port 9443 (Agent secure port on PKI-CA) was missing. Additionaly,
checked port descriptions case consistency fixed.
https://fedorahosted.org/freeipa/ticket/1321
|
|
|
|
|
|
|
|
|
|
|
|
| |
When IPA replica is installed and the master machine record is not
in ~/.ssh/known_hosts, ipa-replica-install will prompt user to answer
a question about adding a host to this file.
This has, however, a potential to break automatic tests.
ipa-replica-conncheck should not require any further user interaction
when all mandatory options are filled.
https://fedorahosted.org/freeipa/ticket/1305
|
|
When connection between a master machine and future replica is not
sane, the replica installation may fail unexpectedly with
inconvenient error messages. One common problem is misconfigured
firewall.
This patch adds a program ipa-replica-conncheck which tests the
connection using the following procedure:
1) Execute the on-replica check testing the connection to master
2) Open required ports on local machine
3) Ask user to run the on-master part of the check OR run it
automatically:
a) kinit to master as default admin user with given password
b) run the on-master part using ssh
4) When master part is executed, it checks connection back to
the replica and prints the check result
This program is run by ipa-replica-install as mandatory part. It
can, however, be skipped using --skip-conncheck option.
ipa-replica-install now requires password for admin user to run
the command on remote master.
https://fedorahosted.org/freeipa/ticket/1107
|