freeipa.git/ipa-client, branch webui-cleanup

Retrieve the CA certificate before starting enrollment.

2010-06-21T13:52:15+00:00

We need the CA certificate so we can use SSL when binding with a
one-time password (bulk enrollment)

Drop --with-openldap option in the client. This is no longer optional.

2010-06-21T13:52:11+00:00

Remove Requires on separate package python-krbV in client

2010-06-02T18:41:16+00:00

We need the configured kerberos realm so we can clean up /etc/krb5.keytab.
We have this already in /etc/ipa/default.conf so use that instead of
requiring a whole other python package to do it.

Check to see if we are configured before uninstalling.

2010-05-07T16:02:12+00:00

Allow the --force flag to override on both install and uninstall

Add simple test to see if client is already configured

2010-05-06T21:17:16+00:00

If this ever gets out of sync the user can always remove
/var/lib/ipa-client/sysrestore/*, they just need to understand the
implications.

One potential problem is with certmonger. If you install the client
and then re-install without uninstalling then the subsequent
certificate request by certmonger will fail because it will already
be tracking a certificate in /etc/pki/nssdb of the same nickname and
subject (the old cert).

Make calling service and chkconfig tolerant of the service not installed

2010-05-06T20:47:25+00:00

For example, if nscd is not installed this would throw lots of errors about
not being able to disable it, stop it, etc.

Call certmonger after krb5, avoid uninstall errors, better password handling.

2010-05-06T15:05:30+00:00

- Move the ipa-getcert request to after we set up /etc/krb5.conf
- Don't try removing certificates that don't exist
- Don't tell certmonger to stop tracking a cert that doesn't exist
- Allow --password/-w to be the kerberos password
- Print an error if prompting for a password would happen in unattended mode
- Still support echoing a password in when in unattended mode

Initialize XML-RPC structures to fix issues uncovered by MALLOC_PERTURB_

2010-05-06T15:04:49+00:00

Also re-arrange some code around reading the configuration file. In trying
to eliminate bogus error messages I prevented the file from being read at all.
It isn't a problem when joining with ipa-client (which uses -s) but it wouldn't
work if you don't pass in a server name.

Make the installer/uninstaller more aware of its state

2010-05-03T19:41:18+00:00

We have had a state file for quite some time that is used to return
the system to its pre-install state. We can use that to determine what
has been configured.

This patch:
- uses the state file to determine if dogtag was installed
- prevents someone from trying to re-install an installed server
- displays some output when uninstalling
- re-arranges the ipa_kpasswd installation so the state is properly saved
- removes pkiuser if it was added by the installer
- fetches and installs the CA on both masters and clients

client installation fixes: nscd, sssd min version, bogus join error

2010-05-03T19:40:14+00:00

- Don't run nscd if using sssd, the caching of nscd conflicts with sssd
- Set the minimum version of sssd to 1.1.1 to pick up needed hbac fixes
- only try to read the file configuration if the server isn't passed in