Thanks! I just have two more very minor nitpicks.
On 03/06/2013 01:04 PM, Tomas Babej wrote:
On 03/05/2013 02:10 PM, Petr Viktorin wrote:
Thanks! The mechanism works, but see below.
This is a RFE so it needs a design document.
http://freeipa.org/page/V3/Client_install_using_keytab
Please also add the link to the commit message.
I think you answered PetrĀ²'s security questions adequately.
Petr, note that this is a client-side change; if the keytab is
compromised the attacker can do all this manually anyway.
diff --git a/ipa-client/ipa-install/ipa-client-install
b/ipa-client/ipa-install/ipa-client-install
index
308c3f8d0ec39e1e7f048d37a34738bf6a4853e2..a16a6b2d7cddbf7085b27c3835a4676919a8a15b
100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -104,6 +104,8 @@ def parse_options():
[...]
@@ -1691,8 +1693,12 @@ def install(options, env, fstore, statestore):
except ipaclient.ntpconf.NTPConfigurationError:
pass
- if options.unattended and (options.password is None and options.principal
is None and options.prompt_password is False) and not options.on_master:
- root_logger.error("One of password and principal are required.")
+ if options.unattended and ((options.password is None and
+ options.principal is None and
+ options.keytab is None and
+ options.prompt_password is False)\
+ and not options.on_master):
Please also remove the inner parentheses and the backslash.
--
PetrĀ³
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
