Description of problem: - Installing ipa-server misses a dependency. Version-Release number of selected component (if applicable): - As per http://jdennis.fedorapeople.org/ipa-devel/ipa-devel-fedora.repo on Tue Nov 30, 2010, 00:23 UTC - In particular, ipa-server-1.91-0.2010113002gitdf48c9c.fc14 How reproducible: - Only tried once. Steps to Reproduce: 1. On a minimal F14 install (no updates, very few extra packages installed): 2. as per bug 657598, # yum install mx4j 3. added http://jdennis.fedorapeople.org/ipa-devel/ipa-devel-fedora.repo in /etc/yum.repos.d 3. # yum install ipa-server 4. in /etc/hosts: 127.0.0.1 localhost localhost.localdomain ::1 localhost localhost.localdomain 8.8.8.8 main.beurk 5. HOSTNAME=main.beurk in /etc/sysconfig/network 6. # hostname main.beurk 7. # ipa-server-install --selfsign Actual results: - 'ipa-server-install --selfsign' displays before it returns 1: -- 8< -- [...] To accept the default shown in brackets, press the Enter key. The pkinit plugin is missing Please install the 'krb5-pkinit-openssl' package and start the installation again Aborting installation -- >8 -- Expected results: - I suppose it would make sense to install it as a dep. Additional info: Feel free to NEEDINFO(prc) if there's anything else I can do.
This package is optional which is why we don't enforce it until run time. Pass the --no-pkinit flag to the installer to avoid the need for the package. Simo, we should probably bite the bullet on this and do one of the following: - always require the package even though there is no dogtag support yet - make it off by default for both dogtag and selfsign I think it is enabled now by default so it can be exercised.
Maybe this should be a man page bug? Since man ipa-server-install makes no mention of --no-pkinit as an option and what it is for ...
(In reply to comment #1) > This package is optional which is why we don't enforce it until run time. Pass > the --no-pkinit flag to the installer to avoid the need for the package. > > Simo, we should probably bite the bullet on this and do one of the following: > > - always require the package even though there is no dogtag support yet I'd go with this one, the package is small enough it's not a big deal to require it always. > - make it off by default for both dogtag and selfsign > > I think it is enabled now by default so it can be exercised. Yes.
https://fedorahosted.org/freeipa/ticket/599
master: 8f87aa1288fcb00607430de0bc707682c689a335