client installation fixes: nscd, sssd min version, bogus join error

- Don't run nscd if using sssd, the caching of nscd conflicts with sssd
- Set the minimum version of sssd to 1.1.1 to pick up needed hbac fixes
- only try to read the file configuration if the server isn't passed in

ipa-client/ipa-install/ipa-client-install

@@ -127,7 +127,7 @@ def uninstall(options):
         run(["/usr/bin/ipa-getcert", "stop-tracking", "-d", "/etc/pki/nssdb", "-n", "Server-Cert"])
     except Exception, e:
         print "Failed to stop tracking Server-Cert in certmonger: %s" % str(e)
- 
+
     try:
         run(["/sbin/service", "certmonger", "stop"])
     except:
@@ -160,6 +160,11 @@ def uninstall(options):
     except:
         print "Failed to restart start the NSCD daemon"
 
+    try:
+        run(["/sbin/chkconfig", "nscd", "on"])
+    except:
+        print "Failed to configure automatic startup of the NSCD daemon"
+
     if not options.unattended:
         print "The original nsswitch.conf configuration has been restored."
         print "You may need to restart services or reboot the machine."
@@ -575,7 +580,7 @@ def main():
                 return 1
 
     #Modify pam to add pam_krb5
-    run(["/usr/sbin/authconfig", "--enablekrb5", "--update"])
+    run(["/usr/sbin/authconfig", "--enablekrb5", "--update", "--nostart"])
     print "Kerberos 5 enabled"
 
     if options.conf_ntp and not options.on_master:
@@ -586,20 +591,27 @@ def main():
         ipaclient.ntpconf.config_ntp(ntp_server, fstore)
         print "NTP enabled"
 
-    #Activate Name Server Caching Daemon
+    if options.sssd:
+        nscd_action = "stop"
+        nscd_status = "off"
+    else:
+        nscd_action = "restart"
+        nscd_status = "on"
+
+    #Name Server Caching Daemon. Disable for SSSD, use otherwise
     try:
-        run(["/sbin/service", "nscd", "restart"])
+        run(["/sbin/service", "nscd", nscd_action])
     except:
-        print "Failed to start the NSCD daemon"
+        print "Failed to %s the NSCD daemon" % nscd_action
-        print "Caching of users/groups will not be available"
+        if not options.sssd:
-        pass
+            print "Caching of users/groups will not be available"
 
     try:
-        run(["/sbin/chkconfig", "nscd", "on"])
+        run(["/sbin/chkconfig", "nscd", nscd_status])
     except:
         print "Failed to configure automatic startup of the NSCD daemon"
-        print "Caching of users/groups will not be available after reboot"
+        if not options.sssd:
-        pass
+            print "Caching of users/groups will not be available after reboot"
 
     print "Client configuration complete."
 

ipa-client/ipa-join.c

@@ -596,10 +596,10 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
     krb5_principal uprinc = NULL;
     krb5_error_code krberr;
 
-    conf_data = read_config_file(IPA_CONFIG);
     if (server) {
         ipaserver = strdup(server);
     } else if ((ipaserver = getIPAserver(conf_data)) == NULL) {
+        conf_data = read_config_file(IPA_CONFIG);
         fprintf(stderr, "Unable to determine IPA server from %s\n", IPA_CONFIG);
         exit(1);
     }

ipa.spec.in

@@ -141,7 +141,7 @@ Requires: nss_ldap
 Requires: wget
 Requires: xmlrpc-c
 Requires: libcurl
-Requires: sssd
+Requires: sssd >= 1.1.1
 Requires: certmonger
 
 %description client
@@ -497,7 +497,10 @@ fi
 %endif
 
 %changelog
-* Thu Mar 4 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-19
+* Mon Apr 26 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-20
+- Set minimum level of sssd to 1.1.1 to pull in required hbac fixes.
+
+* Thu Mar  4 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-19
 - No need to create /var/log/ipa_error.log since we aren't using
   TurboGears any more.