[Freeipa-devel] Milestone 4 almost done

Simo Sorce ssorce at redhat.com
Mon Oct 1 03:42:25 UTC 2007 

On Sun, 2007-09-30 at 18:15 -0400, Karl MacMillan wrote:
> On Sun, 2007-09-30 at 13:28 -0400, Simo Sorce wrote:
> > On Fri, 2007-09-28 at 16:57 -0400, Karl MacMillan wrote:
> > > I'm planning on pushing out a milestone 4 release on Monday after doing
> > > some testing. Other than some pending patches from Kevin, anything else
> > > need to be merged for this release?
> > 
> > I am still having problems with apache and kerberos
> > 
> > My debugging on the plane turns out to show that a call to the kerberos
> > library tells back that I have no delegated credentials (but klist shows
> > the ticket is forwardable).
> > 
> > It would be nice to understand if it is something in my environment that
> > is wrong or if there is a more general problem and what causes it.
> > 
> > On Monday I hope to have the time to install an F-7 from scratch and see
> > if I can install and make it working.
> > 
> 
> Have you upgraded your mod_auth_kerb and installed the new PyKerberos
> that Rob posted Fri? That (and setting my hostname correctly) fixed all
> of my problems.

I have the mod_auth_kerb (recompiled multiple times and with added debug
options to understand what was wrong as well :-)

Didn't see any new PyKerberos package, will try that eventually.

> It would be great if you could test everything on Mon. and let me know
> if it works. If it does that would mean that at least 3 of us have
> everything working - which would count as well tested at this point :)

Crossing fingers :)

> The only thing I have to do to reinstall is:
> 
> a) stop all of the ipa components
> b) delete the dirsrv instance
> 
> Does that match your experience?

IIRC yes, but we need to test more.

> We could automate that, but I hesitate
> to delete data. Maybe offer to move aside the dirsrv instance data?

Dunno, maybe tar it up.

> Also
> - do we _really_ need the guid naming for the dirsrv instance. It is
> really a pain and I'm not convinced that we need uniqueness like that.

Maybe use the REALM name for that? Would it make more sense?

> Also - do we need a convenient way to start/stop all of the IPA related
> daemons?

Not sure, do we really need that as a convenience?

> Regardless, let's put some solution on the list of things to do, but not
> delay milestone 4.

ACK

Simo.

More information about the Freeipa-devel mailing list