[Freeipa-devel] [PATCH] 13 ipa-client-install not calling authconfig
Alexander Bokovoy
abokovoy at redhat.com
Mon Mar 5 14:04:20 UTC 2012
On Sat, 25 Feb 2012, Ondrej Hamada wrote:
> On 02/25/2012 08:30 PM, Alexander Bokovoy wrote:
> >On Thu, 23 Feb 2012, Ondrej Hamada wrote:
> >
> >>Option '--noac' was added. If set, the ipa-client-install will not call
> >>authconfig for setting nsswitch.conf and PAM configuration. In
> >>fact no configuration of nsswitch.conf or PAM would be done at
> >>all.
> >>
> >>https://fedorahosted.org/freeipa/ticket/2369
> >NACK.
> >
> >According to the original request, authconfig will do
> >nsswitch/PAM configuration *after* ipa-client-install run so the
> >following check in ipa-client-install will fail with --noac:
> >
> >>+ #Check that nss is working properly
> >>+ if not options.on_master:
> >>+ n = 0
> >>+ found = False
> >>+ # Loop for up to 10 seconds to see if nss is working properly.
> >>+ # It can sometimes take a few seconds to connect to the remote provider.
> >>+ # Particulary, SSSD might take longer than 6-8 seconds.
> >>+ while n< 10 and not found:
> >>+ try:
> >>+ ipautil.run(["getent", "passwd", "admin"])
> >>+ found = True
> >>+ except Exception, e:
> >>+ time.sleep(1)
> >>+ n = n + 1
> >
> This check never happens with --noac. I've rechecked the indentation
> (I admit it's badly visible in the patch file) and it's ok.
OK then. ACK.
Please, someone commit this path as my git trees are a bit in flux due
to trusts work and I'm deep in Samba 16-byte session key fixes right
now.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list