[Freeipa-devel] patch to add krb instance init
Karl MacMillan
kmacmill at redhat.com
Tue Jul 3 12:45:35 UTC 2007
On Fri, 2007-06-29 at 12:20 -0400, Simo Sorce wrote:
> The patch contains also a few clean ups.
>
> If there are no objections I'll do an hg push to commit this stuff to
> the main repo, sometime around 2pm-4pm
>
> Default DIT is not yet finalized, I'd like comments on that.
>

Why is there a separate password for kerberos and is it required?

> Right now the kadmin is not activated automatically, that means no way
> to add krb principals using kadmin.local or kadmind yet.
> I am not sure I want to enable kadmind at all, as it is not able to fill
> up an existing user but just create an independent entry in cn=kerberos.
> We need to be able to create service ticket though, so next step will be
> to make it possible to use kadmin.local
>
> To create a user right now you need to add stuff manually using ldif
> files and ldapmodify.
>

This doesn't work for me on either FC7 or rawhide. Seems to hang at:

    #populate the directory with the realm structure
    args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=kerberos,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-r", self.realm_name, "-subtrees", self.suffix, "-sscope", "sub"]
    run(args)

Running manually I get:

    kdb5_ldap_util: Can't contact LDAP server while initializing database

Karl