On 10/20/2015 10:12 AM, Oleg Fayans wrote:
Hi all,
While running the caless tests I've encountered a strange behavior of
the service module:
when I add a new service and then try to disable it, it says, it has
been already disabled:
ofayans@f22master:~]$ ipa service-add --force
Principal: totest/trololo.pesen.net
--------------------------------------------------
Added service "totest/trololo.pesen....@pesen.net"
--------------------------------------------------
Principal: totest/trololo.pesen....@pesen.net
Managed by: trololo.pesen.net
ofayans@f22master:~]$ ipa service-disable
Principal: totest/trololo.pesen....@pesen.net
ipa: ERROR: This entry is already disabled
ipa help service shows there is no service-enable subcommand. So I have
2 questions:
1. How do I enable previously disabled service?
2. Why is a freshly-created service disabled by default?
Service disable revokes existing certificate, removes it from the
service entry and also removes Kerberos principal key.
When you create a new service, it does not contain principal key nor a
certificate therefore there is no work to do in disable command and
therefore the message.
--
Petr Vobornik
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
