diff options
author | Stanislav Laznicka <slaznick@redhat.com> | 2016-06-22 16:08:49 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-23 12:26:20 +0200 |
commit | 0db48e4d04b3b8377667b388b88f2fe9f57bf4a3 (patch) | |
tree | f1a39bd732f03b90156f8c53de21855d5d5d4320 /install/tools/ipa-replica-conncheck | |
parent | 06d945a04607dc36e25af78688b4295420489fb9 (diff) | |
download | freeipa-0db48e4d04b3b8377667b388b88f2fe9f57bf4a3.tar.gz freeipa-0db48e4d04b3b8377667b388b88f2fe9f57bf4a3.tar.xz freeipa-0db48e4d04b3b8377667b388b88f2fe9f57bf4a3.zip |
Fix to ipa-ca-install asking for host principal password
With a ca_cert_file specified in options, the nss_db was used before the
certificates from the file were added to it, which caused an exception
that led to fallback to ssh which is broken.
https://fedorahosted.org/freeipa/ticket/5965
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'install/tools/ipa-replica-conncheck')
-rwxr-xr-x | install/tools/ipa-replica-conncheck | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 991f4e429..e308b118f 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -462,10 +462,6 @@ def main(): nss_dir = paths.IPA_NSSDB_DIR with certdb.NSSDatabase(nss_dir) as nss_db: - api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri, - nss_dir=nss_db.secdir) - api.finalize() - if options.ca_cert_file: nss_dir = nss_db.secdir @@ -483,6 +479,9 @@ def main(): else: nss_dir = None + api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri, + nss_dir=nss_db.secdir) + api.finalize() try: api.Backend.rpcclient.connect() api.Command.ping() |