Bug 789413 - Need option for ipa-client-install to not call authconfig
Summary: Need option for ipa-client-install to not call authconfig
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.2
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks: 731094
TreeView+ depends on / blocked
 
Reported: 2012-02-10 17:59 UTC by Tomas Mraz
Modified: 2012-06-20 13:32 UTC (History)
4 users (show)

Fixed In Version: ipa-2.2.0-3.el6
Doc Type: Enhancement
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2012-06-20 13:32:07 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0819 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2012-06-19 20:34:17 UTC

Description Tomas Mraz 2012-02-10 17:59:48 UTC 
For implementation of IPA client configuration in authconfig we need an option (--noac for example) that will prevent ipa-client-install from calling authconfig. Authconfig will modify the nsswitch.conf and PAM configuration on its own after ipa-client-install returns.
Comment 1 Dmitri Pal 2012-02-10 20:00:11 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2369
Comment 2 Rob Crittenden 2012-03-05 15:27:47 UTC 
fixed upstream.

master: 111ca8a4823171cc29ca582ca8fb8c0c5330374c

ipa-2-2: 924a6bd57afe6af61118cd6902a327e3908131d8

man page addition:

master: 356823d270a33b65ef4a34133f5d65100b5f59e4

ipa-2-2: d18ea5f52246ca1a7e071fb1dde04ef13d85fa71

For testing if you use the --noac option then /etc/nsswitch.conf and /etc/pam.d won't be modified. So things like 'id admin', getent passwd won't contain IPA users, logins fail, etc.
Comment 5 Martin Kosek 2012-04-24 11:35:10 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 6 Kaleem 2012-05-02 14:08:57 UTC 
Verified.

ipa-client version:
===================
[root@ipa63client1 ~]# rpm -q ipa-client
ipa-client-2.2.0-12.el6.x86_64
[root@ipa63client1 ~]#

ipa-client installation with --noac option:
===========================================
(1)ipa-client installation is successful with --noac option.

[root@ipa63client1 ~]# ipa-client-install -p admin -w Secret123 --noac -U
Discovery was successful!
Hostname: ipa63client1.testrelm.com
Realm: TESTRELM.COM
DNS Domain: testrelm.com
IPA Server: ipa63server.testrelm.com
BaseDN: dc=testrelm,dc=com


Synchronizing time with KDC...

Enrolled in IPA realm TESTRELM.COM
Created /etc/ipa/default.conf
Domain testrelm.com is already configured in existing SSSD config, creating a new one.
The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.COM
NTP enabled
Configured /etc/ssh/sshd_config
Client configuration complete.
[root@ipa63client1 ~]#

(2)No authconfig call in ipaclient-install.log

[root@ipa63client1 ~]# cat /var/log/ipaclient-install.log |grep authconfig
[root@ipa63client1 ~]#
Comment 9 errata-xmlrpc 2012-06-20 13:32:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html
Note You need to log in before you can comment on or make changes to this bug.