freeipa

Clone
Source Code
GIT

12529d7 replica: Ensure the ipaapi user is allowed to access ifp on replicas

1 file Authored by Jeremy Frasier 3 years ago, Committed by rcritten 3 years ago,
raw patch tree parent
1 file changed. 4 lines added. 1 lines removed.
ipaserver/install/server/replicainstall.py
file modified
+4 -1 
    replica: Ensure the ipaapi user is allowed to access ifp on replicas
    
    ipa-server-install executes ipa-client-install with the --on-master
    flag set, which causes the ipaclient.install.client.sssd_enable_ifp()
    function to be called.  This function configures sssd so that the
    ipaapi user is allowed to access ifp.  Any FreeIPA replica should also
    have sssd configured like this, but in that case we cannot simply pass
    the --on-master flag to ipa-client-install because it has other side
    effects.  The solution is to call the
    ipaclient.install.client.sssd_enable_ifp() function from inside the
    ipaserver.install.server.replicainstall.promote_sssd() function.
    
    https://pagure.io/freeipa/issue/8403
    
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
file modified
+4 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.