URL: https://github.com/freeipa/freeipa/pull/631
Author: martbab
Title: #631: Upgrade: configure PKINIT after adding anonymous principal
Action: opened

PR body:
"""
In order to set up PKINIT, the anonymous principal must already be
created, otherwise the upgrade will fail when trying out anonymous
PKINIT. Switch the order of steps so that this issue does not occur.

https://pagure.io/freeipa/issue/6792
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/631/head:pr631
git checkout pr631
From 87de4c95ea00ce5864a509a6f5ce085378f62fda Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Tue, 21 Mar 2017 17:03:35 +0100
Subject: [PATCH] Upgrade: configure PKINIT after adding anonymous principal

In order to set up PKINIT, the anonymous principal must already be
created, otherwise the upgrade will fail when trying out anonymous
PKINIT. Switch the order of steps so that this issue does not occur.

https://pagure.io/freeipa/issue/6792
---
 ipaserver/install/server/upgrade.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 1706079..be07d78 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1809,9 +1809,9 @@ def upgrade_configuration():
                         KDC_CERT=paths.KDC_CERT,
                         KDC_KEY=paths.KDC_KEY,
                         CACERT_PEM=paths.CACERT_PEM)
-    setup_pkinit(krb)
     enable_anonymous_principal(krb)
     http.request_anon_keytab()
+    setup_pkinit(krb)
 
     if not ds_running:
         ds.stop(ds_serverid)
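Review bot: The ordering requirement is now implicit in upgrade_configuration(): nothing at the call site says that setup_pkinit(krb) has to follow enable_anonymous_principal(krb), so a later reshuffle of these three calls could reintroduce the failure. A one-line comment above setup_pkinit(krb) stating that it tests anonymous PKINIT and therefore needs the anonymous principal to exist would document the dependency. Separately, the move also places setup_pkinit(krb) after http.request_anon_keytab(), while the commit message only justifies running it after the principal is created; please confirm that requesting the anonymous keytab does not itself depend on PKINIT already being configured, or move setup_pkinit(krb) to sit between the two calls.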