[Freeipa-devel] reason for re-install failure

Simo Sorce ssorce at redhat.com
Mon Sep 10 13:33:29 UTC 2007


On Mon, 2007-09-10 at 09:30 -0400, Karl MacMillan wrote:
> On Mon, 2007-09-10 at 09:24 -0400, Rob Crittenden wrote:
> > Karl MacMillan wrote:
> > > On Fri, 2007-09-07 at 16:07 -0400, Simo Sorce wrote:
> > >> On Fri, 2007-09-07 at 15:47 -0400, Rob Crittenden wrote:
> > >>> I ran into the "fail on re-install" problem where the install fails on a 
> > >>> kadmin timeout.
> > >>>
> > >>> The problem is that the installation appends the new password to 
> > >>> /var/kerberos/krb5kdc/ldappwd. This can lead to duplicate entries and it 
> > >>> apparently makes things flip out. I just removed that file and the 
> > >>> re-install went fine.
> > >> Ok this maybe seen as a bug, should we backup and move the original file
> > >> on installation ?
> > >>
> > >> Simo.
> > > 
> > > Nah - I think we should just have a set of re-install diections that
> > > tell how to remove FDS instances and fix this problem.
> > > 
> > > Karl
> > > 
> > 
> > It's really a kerberos bug. I think we should simply replace any 
> > existing entries. We have a very specific DN in there. Replacing it is 
> > likely the right thing to do.
> > 
> 
> I'm fine with that - I was only trying to avoid really solving the
> reinstall problem. I think it is just too hard to get right and will eat
> up a lot of time.
> 
> So, you are suggesting intelligently editing that file if it exists
> rather than replacing?

No, just replacing it, and, perhaps backup-ing the original one.
ldappwd contains just one line.

Simo.




More information about the Freeipa-devel mailing list