summaryrefslogtreecommitdiffstats
path: root/ipa-client/ipa-install/ipa-client-install
Commit message (Collapse)AuthorAgeFilesLines
* Split ipa-client/ into ipaclient/ (Python library) and client/ (C, scripts)Petr Viktorin2016-01-271-3144/+0
| | | | | | | | | | | | | | | | Make ipaclient a Python library like ipapython, ipalib, etc. Use setup.py instead of autotools for installing it. Move C client tools, Python scripts, and man pages, to client/. Remove old, empty or outdated, boilerplate files (NEWS, README, AUTHORS). Remove /setup-client.py (ipalib/setup.py should be used instead). Update Makefiles and the spec file accordingly. https://fedorahosted.org/freeipa/ticket/5638 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Added kpasswd_server directive in client krb5.confAbhijeet Kasurde2016-01-201-0/+4
| | | | | | | | | | While configuring ipa client using ipa-client-install can configure kpasswd_server explicitly using directive in client's krb5.conf https://fedorahosted.org/freeipa/ticket/5547 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Avoid builtins that were removed in Python 3Petr Viktorin2016-01-201-1/+1
| | | | | | | | | | | | - `file` was removed in favor of `open`. Switch to the new spelling. - `buffer` was removed in favor of a buffer protocol (and memoryview), and `reload` was moved to importlib. Both are used in py2-only blocks, so just placate PyLint. https://fedorahosted.org/freeipa/ticket/5623 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Enable pylint expression-not-assigned checkMartin Basti2015-12-231-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enables check and fixes: ************* Module ipa-replica-conncheck install/tools/ipa-replica-conncheck:150: [W0106(expression-not-assigned), parse_options] Expression "(replica_group.add_option('-w', '--password', dest='password', sensitive=True, help='Password for the principal'), )" is assigned to nothing) ************* Module ipatests.test_xmlrpc.test_automount_plugin ipatests/test_xmlrpc/test_automount_plugin.py:437: [W0106(expression-not-assigned), test_automount_indirect.test_1a_automountmap_add_indirect] Expression "api.Command['automountmap_add_indirect'](self.locname, self.mapname, **self.map_kw)['result']" is assigned to nothing) ************* Module ipatests.test_ipaserver.test_otptoken_import ipatests/test_ipaserver/test_otptoken_import.py:128: [W0106(expression-not-assigned), test_otptoken_import.test_mini] Expression "[(t.id, t.options) for t in doc.getKeyPackages()]" is assigned to nothing) ************* Module ipatests.test_ipaserver.test_ldap ipatests/test_ipaserver/test_ldap.py:221: [W0106(expression-not-assigned), test_LDAPEntry.test_popitem] Expression "list(e) == []" is assigned to nothing) ************* Module ipa-client-install ipa-client/ipa-install/ipa-client-install:114: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-p', '--principal', dest='principal', help='principal to use to join the IPA realm'), )" is assigned to nothing) ipa-client/ipa-install/ipa-client-install:116: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-w', '--password', dest='password', sensitive=True, help='password to join the IPA realm (assumes bulk password unless principal is also set)'), )" is assigned to nothing) ipa-client/ipa-install/ipa-client-install:118: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-k', '--keytab', dest='keytab', help='path to backed up keytab from previous enrollment'), )" is assigned to nothing) ipa-client/ipa-install/ipa-client-install:120: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-W', dest='prompt_password', action='store_true', default=False, help='Prompt for a password to join the IPA realm'), )" is assigned to nothing) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused importsMartin Basti2015-12-231-1/+0
| | | | | | | This patch removes unused imports, alse pylint has been configured to check unused imports. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-client-install: create a temporary directory for ccache filesMartin Babinsky2015-12-141-3/+3
| | | | | | | | | | | gssapi.Credentials instantiation in ipautil.kinit_keytab() raises 'Bad format in credential cache' error when a name of an existing zero-length file is passed as a ccache parameter. Use temporary directory instead and let GSSAPI to create file-based ccache on demand. https://fedorahosted.org/freeipa/ticket/5528 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Refactor ipautil.runPetr Viktorin2015-12-141-18/+25
| | | | | | | | | | | | | | | | | | | | | The ipautil.run function now returns an object with returncode and output are accessible as attributes. The stdout and stderr of all commands are logged (unless skip_output is given). The stdout/stderr contents must be explicitly requested with a keyword argument, otherwise they are None. This is because in Python 3, the output needs to be decoded, and that can fail if it's not decodable (human-readable) text. The raw (bytes) output is always available from the result object, as is "leniently" decoded output suitable for logging. All calls are changed to reflect this. A use of Popen in cainstance is changed to ipautil.run. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Migrate wget references and usage to curlGabe2015-12-111-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/5458 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Removed duplicate domain name validating functionStanislav Laznicka2015-12-021-3/+6
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* client install: do not corrupt OpenSSH config with Match sectionsJan Cholasta2015-11-201-2/+6
| | | | | | https://fedorahosted.org/freeipa/ticket/5461 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-client-install: Fix the "download the CA cert" queryFrançois Cami2015-11-111-1/+1
| | | | Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add Firefox options to ipa-client-install man pageGabe2015-10-291-1/+1
| | | | | | | | - Update --configure-firefox description in ipa-client-install https://fedorahosted.org/freeipa/ticket/5375 Reviewed-By: Martin Basti <mbasti@redhat.com>
* The delegation uris are not set, match message to code.Jan Pazdziora2015-10-131-1/+1
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Use six.moves.configparser instead of ConfigParserPetr Viktorin2015-10-071-1/+1
| | | | | | | | The module name was lowercased in Python 3. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.urllib instead of urllib/urllib2/urlparsePetr Viktorin2015-10-071-8/+8
| | | | | | | | In Python 3, these modules are reorganized. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Replace StandardError with ExceptionRobert Kuska2015-09-301-1/+1
| | | | | | | | StandardError was removed in Python3 and instead Exception should be used. Signed-off-by: Robert Kuska <rkuska@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Decode script arguments using file system encodingJan Cholasta2015-09-071-1/+1
| | | | | | | | This mimics Python 3's behavior, where sys.argv is automatically decoded using file system encoding, as returned by sys.getfilesystemencoding(). This includes reimplementation of os.fsdecode() from Python 3. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use the print functionPetr Viktorin2015-09-011-10/+12
| | | | | | | | | In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Python3-compatible dict method namesPetr Viktorin2015-09-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | Python 2 has keys()/values()/items(), which return lists, iterkeys()/itervalues()/iteritems(), which return iterators, and viewkeys()/viewvalues()/viewitems() which return views. Python 3 has only keys()/values()/items(), which return views. To get iterators, one can use iter() or a for loop/comprehension; for lists there's the list() constructor. When iterating through the entire dict, without modifying the dict, the difference between Python 2's items() and iteritems() is negligible, especially on small dicts (the main overhead is extra memory, not CPU time). In the interest of simpler code, this patch changes many instances of iteritems() to items(), iterkeys() to keys() etc. In other cases, helpers like six.itervalues are used. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove use of sys.exc_valuePetr Viktorin2015-09-011-2/+2
| | | | | | | sys.exc_value is deprecated since Python 1.5, and was removed in Python 3. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Port from python-krbV to python-gssapiMichael Simacek2015-08-261-4/+4
| | | | | | | | | | | | | | | | | | python-krbV library is deprecated and doesn't work with python 3. Replacing all it's usages with python-gssapi. - Removed Backend.krb and KRB5_CCache classes They were wrappers around krbV classes that cannot really work without them - Added few utility functions for querying GSSAPI credentials in krb_utils module. They provide replacements for KRB5_CCache. - Merged two kinit_keytab functions - Changed ldap plugin connection defaults to match ipaldap - Unified getting default realm Using api.env.realm instead of krbV call Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* client: Add support for multiple IP addresses during installation.David Kupka2015-08-181-66/+223
| | | | | | https://fedorahosted.org/freeipa/ticket/4249 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-client-install: warn when IP used in --serverStanislav Laznicka2015-08-141-0/+19
| | | | | | | | | ipa-client-install fails when an IP address is passed to ipa-join instead of a FQDN https://fedorahosted.org/freeipa/ticket/4932 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-121-70/+70
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize number literalsPetr Viktorin2015-07-311-4/+4
| | | | | | | | | | | | | | Use Python-3 compatible syntax, without breaking compatibility with py 2.7 - Octals literals start with 0o to prevent confusion - The "L" at the end of large int literals is not required as they use long on Python 2 automatically. - Using 'int' instead of 'long' for small numbers is OK in all cases except strict type checking checking, e.g. type(0). https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-client-install: Do not (re)start certmonger and DBus daemons.David Kupka2015-07-201-56/+15
| | | | | | | | | | | | When DBus is present in the system it is always running. Starting of certmomger is handled in ipapython/certmonger.py module if necessary. Restarting is no longer needed since freeipa is not changing certmonger's files. https://fedorahosted.org/freeipa/ticket/5095 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* enable debugging of ntpd during client installationMartin Babinsky2015-07-201-2/+3
| | | | | | | | | | When installing IPA client in debug mode, the ntpd command spawned during initial time-sync with master KDC will also run in debug mode. https://fedorahosted.org/freeipa/ticket/4931 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* FIX: Clear SSSD caches when uninstalling the clientMartin Basti2015-07-071-7/+12
| | | | | | https://fedorahosted.org/freeipa/ticket/5049 Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Clear SSSD caches when uninstalling the clientGabe2015-06-301-0/+13
| | | | | | https://fedorahosted.org/freeipa/ticket/5049 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
* increase NSS memcache timeout for IPA serverMartin Babinsky2015-06-301-0/+9
| | | | | | | | | Increasing memcache timeout to 600 seconds when configuring sssd on IPA server should improve performance when dealing with large groups in trusts. https://fedorahosted.org/freeipa/ticket/4964 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Clarify host name output in ipa-client-installPetr Spacek2015-06-051-1/+1
| | | | | | Proposed by Tomas Capek Reviewed-By: Martin Basti <mbasti@redhat.com>
* client-install: Fix kinits with non-default Kerberos config fileJan Cholasta2015-05-211-1/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/4808 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* suppress errors arising from deleting non-existent files during client uninstallMartin Babinsky2015-04-291-18/+22
| | | | | | | | | | | When rolling back partially configured IPA client a number of OSErrors pop up due to uninstaller trying to remove files that do not exist anymore. This patch supresses these errors while keeping them in log as debug messages. https://fedorahosted.org/freeipa/ticket/4966 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa client: use NTP servers specified by userMartin Basti2015-04-241-9/+15
| | | | | | | | NTP servers specified by user should be used to synchronize time. https://fedorahosted.org/freeipa/ticket/4983 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa client: use NTP servers detected from SRVMartin Basti2015-04-241-1/+8
| | | | | | | | | Detected NTP servers from SRV records should be used in NTP client configuration. https://fedorahosted.org/freeipa/ticket/4981 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa client: make --ntp-server option multivaluedMartin Basti2015-04-241-8/+11
| | | | | | | | There can be more ntp servers in ntp.conf Required for ticket: https://fedorahosted.org/freeipa/ticket/4981 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-client-install: try to get host TGT several times before giving upMartin Babinsky2015-04-201-29/+40
| | | | | | | | | | | | | | New option '--kinit-attempts' enables the host to make multiple attempts to obtain host TGT from master before giving up and aborting client installation. In addition, all kinit attempts were replaced by calls to 'ipautil.kinit_keytab' and 'ipautil.kinit_password'. https://fedorahosted.org/freeipa/ticket/4808 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add message for skipping NTP configuration during client installGabe2015-04-141-0/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/3092 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Skip time sync during client install when using --no-ntpNathan Kinder2015-03-261-1/+2
| | | | | | | | | | When --no-ntp is specified during ipa-client-install, we still attempt to perform a time sync before obtaining a TGT from the KDC. We should not be attempting to sync time with the KDC if we are explicitly told to not configure ntp. Ticket: https://fedorahosted.org/freeipa/ticket/4842 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* client: Fix ca_is_enabled callsJan Cholasta2015-03-191-2/+2
| | | | | | | | | The command was added in API version 2.107. Old IPA servers may crash with NetworkError on ca_is_enabled, handle this case gracefully. https://fedorahosted.org/freeipa/ticket/4565 Reviewed-By: David Kupka <dkupka@redhat.com>
* client-install: Do not crash on invalid CA certificate in LDAPJan Cholasta2015-03-191-4/+13
| | | | | | | | | When CA certificates in LDAP are corrupted, use the otherwise acquired CA certificates from before. https://fedorahosted.org/freeipa/ticket/4565 Reviewed-By: David Kupka <dkupka@redhat.com>
* Use dyndns_update instead of deprecated sssd optionMartin Basti2015-01-281-1/+1
| | | | | | | | | ipa_dyndns_update is deprecated in SSSD, dyndns_update should be used instead. https://fedorahosted.org/freeipa/ticket/4849 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Prefer TCP connections to UDP in krb5 clientsNathaniel McCallum2014-12-081-0/+1
| | | | | | | | | | | | | | In general, TCP is a better fit for FreeIPA due to large packet sizes. However, there is also a specific need for TCP when using OTP. If a UDP packet is delivered to the server and the server takes longer to process it than the client timeout (likely), the OTP value will be resent. Unfortunately, this will cause failures or even lockouts. Switching to TCP avoids this problem altogether. https://fedorahosted.org/freeipa/ticket/4725 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* No explicit zone specification.Jan Pazdziora2014-12-051-6/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4780 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove trivial path constants from modulesGabe2014-11-041-11/+7
| | | | | | https://fedorahosted.org/freeipa/ticket/4399 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabledJan Cholasta2014-10-171-13/+20
| | | | | | | | The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* Add ipa-client-install switch --request-cert to request cert for the hostJan Cholasta2014-10-161-12/+93
| | | | | | | | | The certificate is stored in /etc/ipa/nssdb under the nickname "Local IPA host". https://fedorahosted.org/freeipa/ticket/4550 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Use /etc/ipa/nssdb to get nicknames of IPA certs installed in /etc/pki/nssdbJan Cholasta2014-09-301-57/+21
| | | | | | | | | Previously a list of nicknames was kept in /etc/pki/nssdb/ipa.txt. The file is removed now. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Use NSSDatabase instead of direct certutil calls in client codeJan Cholasta2014-09-301-38/+12
| | | | | | https://fedorahosted.org/freeipa/ticket/4416 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Introduce NSS database /etc/ipa/nssdbJan Cholasta2014-09-301-62/+97
| | | | | | | | | | This is the new default NSS database for IPA. /etc/pki/nssdb is still maintained for backward compatibility. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
generated by cgit (git 2.34.1) at 2026-03-06 11:24:27 +0000