[Freeipa-devel] [PATCH] 249 host enrollment
Rob Crittenden
rcritten at redhat.com
Tue Aug 11 19:01:22 UTC 2009
Dmitri Pal wrote:
>>> Does ipa-client-install bring admin utils?
>>> What is its purpose?
>> It configures the machine to be an IPA client. It configures nss_ldap,
>> etc. It also creates some configuration files we need such as what IPA
>> server to talk to and the CA cert for that server.
>>
>>> I though the sequence of operations would be somewhat (do not look at
>>> the names, I do not expect them to be exactly as I put them):
>>> yum install ipa-client-enrollment
>>> ipa-enroll ...
>>>
>>> The enroll will also do some configuration as it used to do in v1 but
>>> other than that I expected the mentioned sequence.
>>> I scanned quickly through the patch but was not able to see whether
>>> things work as I expect or not.
>> I did this as a separate step. It can be included in the
>> ipa-client-install sequence though it currently is not.
>
> IMO the logic should be a bit reverse. The enrollment script should
> invoke the old IPA client installation script (somewhere at the
> beginning of the enrollment process) internally if SSSD is not detected.
> If SSSD is detected it should configure IPA back end as a part of the
> enrollment and not touch nss_ldap in this case. Optionally we probably
> can configure automount or some other maps (but I am not sure that
> was/is a requirement at the moment).
>
This patch covers just host enrollment, no other settings.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090811/e905683b/attachment.bin>
More information about the Freeipa-devel
mailing list