[Freeipa-devel] [PATCH] 025 Detection of v1 server during ipa-client-install

Martin Kosek mkosek at redhat.com
Wed Feb 9 09:23:27 UTC 2011


On Fri, 2011-02-04 at 09:05 +0100, Jan Zelený wrote:
> Martin Kosek <mkosek at redhat.com> wrote:
> > When v2 IPA client is trying to join an IPA v1 server
> > a strange exception is printed out to the user. This patch
> > detects this by catching an XML-RPC error reported by ipa-join
> > binary called in the process which fails on nonexistent IPA server
> > 'join' method.
> > 
> > wget call had to be changed so that IPA client may get to the
> > ipa-join step. --no-check-certificate had to be added as V1
> > server automatically redirects the request to self-signed secure
> > connection.
> > 
> > https://fedorahosted.org/freeipa/ticket/553
> 
> The patch is ok and applies correctly. My only thought was to download the 
> certificate directly from https://..../ca.crt instead of plain http, but there 
> is probably no real benefit.
> 
> ack
> 
> Jan

Jan, thanks for the review. And yes, I could not see a benefit either.
Since the IPA server certificate is not confidential information, the
secure connection is not needed. And since we do not trust the server's
certificate in this step of installation and --no-check-certificate is
used, a secure connection would be used for server identity validation
either.

Therefore, I would ask for the patch to be pushed.

Martin




