[Ovirt-devel] [PATCH] replace kadmin.local with ipa-* commands
Ian Main
imain at redhat.com
Thu May 29 02:46:29 UTC 2008
On Wed, 28 May 2008 17:32:31 -0700
Ian Main <imain at redhat.com> wrote:
> On Wed, 28 May 2008 23:17:38 +0200
> Alan Pevec <apevec at redhat.com> wrote:
>
> > replace kadmin.local with ipa-* commands
> >
> > We should not use kadmin with IPA, see http://freeipa.org/page/IpaConcepts#How_IPA_and_Kerberos_Work_Together
> > This change makes finally 'grant_admin_privileges ovirtadmin' work, since now we get user object created at expected prefix cn=users,cn=accounts
> >
> > 'grant_admin_privileges admin' is removed, admin is IPA system account and has nothing to do with oVirt
>
> Hey Alan, I ran this and in the log you see:
>
> The password for this file is in /etc/dirsrv/slapd-PRIV-OVIRT-ORG/pwdfile.txt
> /etc/rc3.d/S95ovirt-wui-dev-first-run: line 20: kinit: command not found
> Could not initialize GSSAPI: Unspecified GSS failure. Minor code may provide more information/No credentials cache found
> Could not initialize GSSAPI: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('No credentials cache found', -1765328189)
>
> so I'll add the kerb bin dir to the path and try it again.
Yeah, I just added:
diff --git a/wui-appliance/wui-devel-x86_64.ks b/wui-appliance/wui-devel-x86_64.ks
index 1ab990f..c34893c 100644
--- a/wui-appliance/wui-devel-x86_64.ks
+++ b/wui-appliance/wui-devel-x86_64.ks
@@ -119,18 +123,20 @@ sed -e "s, at cron_file@,$cron_file," \
# Source functions library
. /etc/init.d/functions
+export PATH=/usr/kerberos/bin:$PATH
start() {
And all seems good. So ACK with the path added.
Ian
More information about the ovirt-devel
mailing list