[Freeipa-devel] [PATCH] 749 use hostname consistently in ipa-client-install

Rob Crittenden rcritten at redhat.com
Mon Mar 7 16:52:59 UTC 2011


Nalin Dahyabhai wrote:
> On Fri, Mar 04, 2011 at 05:59:26PM -0500, Rob Crittenden wrote:
>> If a hostname was provided it wasn't used to configure either
>> certmonger or sssd. This resulted in a non-working configuration.
> [snip]
>> @@ -241,6 +242,81 @@ def stop_tracking(secdir, request_id=None, nickname=None):
>>
>>      return (stdout, stderr, returncode)
>>
>> +def _find_ipa_submit_ca():
>> +    """
>> +    Look through all the certmonger CA files to find the one that
>> +    defines ipa-submit as the ca_external_helper.
>> +
>> +    We can use find_request_value because the ca files have the
>> +    same file format.
>> +    """
>> +    fileList=os.listdir(CA_DIR)
>> +    for file in fileList:
>> +        value = find_request_value('%s/%s' % (CA_DIR, file), 'ca_external_helper')
>> +        if value is not None and value.startswith('/usr/libexec/certmonger/ipa-submit'):
>> +            return '%s/%s' % (CA_DIR, file)
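Review bot: In `_find_ipa_submit_ca()`, the `os.listdir(CA_DIR)` call is unguarded, and as far as the quoted lines show the loop falls off the end with no return. A missing CA directory therefore raises OSError, while a directory with no matching file silently yields None, and the docstring mentions neither outcome. Suggest catching OSError around the listing, ending the function with an explicit `return None`, and stating in the docstring what callers get when nothing matches. Two smaller points in the same lines: the loop variable `file` shadows the Python built-in, and `'%s/%s' % (CA_DIR, file)` is built twice where one `os.path.join(CA_DIR, name)` assigned at the top of the loop body would do.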
>
> This should work, but could I get you to change the test here to look
> for "id=IPA" instead of
> "ca_external_helper=/usr/libexec/certmonger/ipa-submit"?
>
> The "ipa-getcert" command-line tool is hard-coded to ask certmonger to
> use the CA with an "id" of "IPA", and that's how certmonger figures out
> which file's settings to use.
>
> I can imagine having another CA configuration for certmonger on the
> system that told it to call its ipa-submit helper with a different set
> of arguments.  In that setup, the one with "id=IPA" would still be the
> one that certmonger would use on behalf of ipa-getcert.  (I don't have a
> good idea of _why_ someone would do that, but there you go.)
>
> Cheers,
>
> Nalin

Good idea, switched to use id=IPA instead.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-749-2-hostname.patch
Type: application/mbox
Size: 9739 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110307/bf397705/attachment.mbox>

