do partial host enrollment in domain level 0 replica install

In order to unify domain-level specific replica installers to a single workflow some kind of host enrollment must be done also in domain level 0 replica installation. Here the enrollment is done by directory manager using one-time password and only krb5.conf is configured to point to master KDC. Since host keytab is fetched during enrollment KDC installer no longer needs to request it during replica install. https://fedorahosted.org/freeipa/ticket/6434 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-10-17 13:30:57 +02:00
parent 3d5161d7e9
commit a6ec372554
2 changed files with 57 additions and 3 deletions
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -182,8 +182,6 @@ class KrbInstance(service.Service):
        if not promote:
            self.step("creating a keytab for the directory",
                      self.__create_ds_keytab)
-            self.step("creating a keytab for the machine",
-                      self.__create_host_keytab)
        self.step("adding the password extension to the directory", self.__add_pwd_extop_module)
        if setup_pkinit:
            self.step("installing X509 Certificate for PKINIT", self.__setup_pkinit)