[Freeipa-devel] [PATCH] 17 More exception handlers in ipa-client-install

Martin Kosek mkosek at redhat.com
Mon Mar 12 15:26:00 UTC 2012


On Mon, 2012-03-12 at 11:17 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Fri, 2012-03-09 at 14:18 +0100, Ondrej Hamada wrote:
> >> https://fedorahosted.org/freeipa/ticket/2415
> >> https://fedorahosted.org/freeipa/ticket/1995
> >>
> >> Added exception handler to certutil operation of adding CA to the
> >> default NSS database. If operation fails, installation is aborted and
> >> changes are rolled back. #2415
> >>
> >> If obtaining host TGT fails, the installation is aborted and changes are
> >> rolled back. #1995
> >
> > ACK. Pushed to master, ipa-2-2.
> >
> > Martin
> 
> I wonder if we need to add an escape for --force here. The kinit is just 
> to do things like nsupdate and add the SSH host keys. One might deem 
> those not critical.
> 
> rob

This was a keytab kinit, as original ticket says a failure to get a
correct keytab will make it impossible to login anyway as ldap binds
from sssd will fail and auth verification will fail. This sounds pretty
critical to me...

Martin




More information about the Freeipa-devel mailing list