Martin Kosek wrote:
On Mon, 2011-02-14 at 12:00 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-02-04 at 09:05 +0100, Jan Zelený wrote:
Martin Kosek <mko...@redhat.com> wrote:
When v2 IPA client is trying to join an IPA v1 server
a strange exception is printed out to the user. This patch
detects this by catching an XML-RPC error reported by ipa-join
binary called in the process which fails on unexisting IPA server
'join' method.

wget call had to be changed so that IPA client may get to the
ipa-join step. --no-check-certificate had to be added as V1
server automatically redirects the request to self-signed secure
connection.

https://fedorahosted.org/freeipa/ticket/553

The patch is ok and applies correctly. My only thought was to download the
certificate directly from https://..../ca.crt instead of plain http, but there
is probably no real benefit.

ack

Jan

Jan, thanks for the review. And yes, I could not see a benefit either.
Since the IPA server certificate is not confidential information, the
secure connection is not needed. And since we do not trust the server's
certificate in this step of installation and --no-check-certificate is
used, a secure connection would be used for server identity validation
either.

Therefore, I would ask for the patch to be pushed.

Martin

I can't duplicate the behavior of it redirecting to the SSL port. The
/ipa/config directory is purposely excluded from the SSL redirect for
this purpose, even on v1 servers. Can we drop that part of the patch?

rob

I experience this behavior on IPA v1 running on RHEL 5.5 with the
following IPA version:

$ rpm -q ipa-server
ipa-server-1.0.0-15.el5ipa

It may have been changed in a higher IPA v1 version, like 1.2x. In this
case you may drop this part of the patch.

Martin


Ok, pushed to master without the wget change.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
