freeipa/ipaclient
Rob Crittenden dbec885cb0 Move client certificate request after krb5.conf is created
The creation of krb5.conf was moved to the end of the script
as part of maintaining server affinity during ipa-client-install.
If the installation is faster than replication then requests
against some IPA servers may fail because the client entry is
not yet present.

This is more difficult with certmonger as it will only use
/etc/krb5.conf. There is no way of knowing, even at the end
of the client installation, that replication has finished.

Certificate issuance may fail during ipa-client-install but
certmonger will re-try the request.

Fixes: https://pagure.io/freeipa/issue/9246

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2022-09-29 16:40:19 -04:00
..
install Move client certificate request after krb5.conf is created 2022-09-29 16:40:19 -04:00
plugins ipa otptoken-sync: return error when sync fails 2022-09-29 07:58:44 -04:00
remote_plugins pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
__init__.py Split ipa-client/ into ipaclient/ (Python library) and client/ (C, scripts) 2016-01-27 12:09:02 +01:00
__main__.py Use entry_points for ipa CLI 2017-04-11 13:29:50 +02:00
discovery.py Unify access to FQDN 2020-10-26 17:11:19 +11:00
frontend.py pylint: Skip unused-private-member for property case 2022-03-11 13:37:08 -05:00
Makefile.am Build: Makefiles for Python packages 2016-11-09 13:08:32 +01:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Remove support for csrgen 2021-01-21 13:51:45 +01:00