Sterilizing for FreeIPA uninstall

It is high Test season here in FreeIPA land, as we gear up for the GA of The 2.0 Release.  One thing that I’ve found necessary is to set a machine into “Vanilla” state without going through the complete install process.  Getting rid of all vestiges of an IPA install requires removing files that are not cleaned up in an “rpm erase” call.  This is my script to reset my machine.  Warning.  It removes your data.  Duh.  It also cleans up The Dogtag Certificate server and tomcat6 installs, since those are dependencies for IPA that are undergoing significant development as well.


Firefox and Multiple Kerberos Realms

You will need two profiles: I use my default for my corporate setup, and a new one for development.

(Note: if you want to keep a browser open, use the --no-remote switch. Without it, Firefox ignores your pleas to use a different profile and just opens another window that uses the same one.)

firefox -P kfrog --no-remote &

Go through the steps to create another profile.

In the second window, you need to run kinit, but with a different credential cache so that it holds a different TGT. You do this with an environment variable:

export KRB5CCNAME=/tmp/krb5ccache

kinit kfrog@TESTREALM.COM

Close and restart firefox.

firefox --no-remote -P ayoung &
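The steps above use a fixed cache path under /tmp. The following added example (not from the original post) wraps the same kinit and firefox commands in a shell function that gives each profile its own cache in a private, unpredictably named directory; the function names and the cache layout are assumptions of the example.

```shell
#!/bin/bash
# Added example: one private Kerberos credential cache per Firefox profile.
# new_ccache, drop_ccache and krb_profile are hypothetical helper names.

# Create a private directory (mode 0700) and print a KRB5CCNAME value for a
# cache file inside it. mktemp -d picks an unpredictable name, so another
# local user cannot pre-create or symlink the path the way they could with
# a fixed name in /tmp.
new_ccache() {
    local base="${XDG_RUNTIME_DIR:-/tmp}"
    local dir
    # Fall back to /tmp when the runtime directory is missing or read-only.
    if [ ! -d "$base" ] || [ ! -w "$base" ]; then
        base=/tmp
    fi
    dir=$(mktemp -d "$base/krb5cc_profile.XXXXXXXX") || return 1
    chmod 700 "$dir"
    printf 'FILE:%s/ccache\n' "$dir"
}

# Remove a cache directory, but only one that new_ccache created.
drop_ccache() {
    local path="${1#FILE:}"
    case "$path" in
        */krb5cc_profile.????????/ccache) rm -rf -- "${path%/ccache}" ;;
        *) return 1 ;;
    esac
}

# krb_profile PRINCIPAL PROFILE
# Get a TGT for PRINCIPAL in its own cache, run Firefox on PROFILE with that
# cache, and destroy the tickets when the browser exits.
krb_profile() {
    local principal="$1" profile="$2" cc
    cc=$(new_ccache) || return 1
    # KRB5CCNAME is set only for these commands, so the default cache of the
    # calling shell (the corporate TGT) is left untouched.
    if KRB5CCNAME="$cc" kinit "$principal"; then
        KRB5CCNAME="$cc" firefox --no-remote -P "$profile"
        KRB5CCNAME="$cc" kdestroy
    fi
    drop_ccache "$cc"
}
```

Source the file and run, for example, krb_profile kfrog@TESTREALM.COM kfrog; the development tickets are gone once that browser window is closed.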

Announcing FreeIPA v2 Server Release Candidate 1 Release

(cross posted from the FreeIPA Devel mailing list)

To all freeipa-interest, freeipa-users and freeipa-devel list members,

The FreeIPA project team is pleased to announce the availability of the
Release Candidate 1 release of freeIPA 2.0 server [1].

* Binaries are available for F-14 and F-15 [2].
* Please do not hesitate to share feedback, criticism or bugs with us on
our mailing list:

Main Highlights of the Release Candidate.

This release consists primarily of bug fixes and polish across all areas of the project. Modifications include but are not limited to:
* Installation fixes.
* DNS improvements.
* WebUI improvements.

Focus of the Release Candidate Testing
* There is a Fedora test day for FreeIPA on Feb 15th [3]. Please join us in testing FreeIPA. The exact instructions will be provided later and will be available off the link on the page.
* The following section outlines the areas that we are mostly interested to test [4].

Significant Changes Since Beta 2
To see all the tickets addressed since the beta 2 release
see [6].

Repositories and Installation
* Use the following link to install the beta 2 packages [5].
* On Fedora-14 FreeIPA relies on the latest versions
of the packages currently available from the updates-testing
repository. Please make sure to enable this repository before
you proceed with installation.

Known Issues:
* There are known issues that currently prevent FreeIPA from successfully installing with dogtag on F-15 [2]. We will send a separate message when this issue is resolved. The FreeIPA server is installable with the --selfsign option on F-15, or with dogtag on F-14.
* Server-generated error messages are not translated yet.
* IPv6 support is not complete.
* The ‘ipa help’ command does not support localization.

We plan to address all the outstanding tickets before the final 2.0 release. For the complete list see [7].

Thank you,
The FreeIPA development team

[2] dogtag is having issues with systemd:

Freeipa-devel mailing list

mac2addr reposted

I’ve posted this before, but now that I have better source code formatting, I’ll repost. This converts a MAC address to a link-local IPv6 address.



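#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char** argv){

  int addrlen = strlen("0000:0000:0000:0000:0000:0000:0000:");
  /* +1 leaves room for the terminating NUL */
  char* out = malloc(addrlen + 1);
  char * outorig = out;

  if (NULL == out){
    return 1;
  }
  memset(out, 0, addrlen + 1);

  /* Sample address, used when no argument is given */
  char* addr =    "00:0c:29:20:4e:e3";

  if (argc > 1){
    addr = argv[1];
  }else{
    fprintf(stderr,"usage %s macaddr\n",argv[0]);
  }

  int len = strlen(addr);

  /* Six two-digit octets and five colons: exactly 17 characters */
  if (len != 17){
    printf ("String has the wrong length\n");
    free(outorig);
    return 1;
  }

  /*We know we have the right length.  Main processing follows */

  int i ;
  int col_count = 0;
  int digits = 0;   /* hex digits seen in the current octet */
  int bad = 0;      /* set when the input is not a well-formed MAC */
  unsigned char current = 0;
  for (i = 0; i < len; ++i){
    char c = addr[i];

    if (':' == c){
      /* A colon must close a two-digit octet, and there are only five.
         This also bounds what is written to the output buffer. */
      if (digits != 2 || col_count >= 5){
        bad = 1;
        break;
      }
      switch( col_count ){
      case 0:{
        /*Link-local prefix*/
        sprintf(out, "fe80::");
        out += strlen(out);

        /*Toggle the '2' bit*/
        unsigned short c2 = ( current ^ 0x02 );
        sprintf(out, "%02x", c2);
        out += strlen(out);
        break;
      }
      case 2:{
        /*The magic number goes halfway through the mac address*/
        sprintf(out, "%02x", current);
        out += strlen(out);
        sprintf(out, "ff:fe");
        out += strlen(out);
        break;
      }
      default:{
        sprintf(out, "%02x", current);
        out += strlen(out);
        /*IPv6 groups are two octets wide, so a colon follows every odd octet*/
        if (col_count % 2){
          sprintf(out, ":");
          out += strlen(out);
        }
      }
      }
      col_count++;
      current = 0;
      digits = 0;
    }else if ((c >= 'a') && (c <= 'f')){
      current *=16;
      current += ( 10 + c - 'a');
      digits++;
    }else if ((c >= 'A') && (c <= 'F')){
      current *=16;
      current += ( 10 + c - 'A');
      digits++;
    }else if ((c >= '0') && (c <= '9')){
      current *=16;
      current += ( c - '0');
      digits++;
    }else{
      bad = 1;
      break;
    }
  }

  if (bad || digits != 2 || col_count != 5){
    printf ("Not a valid MAC address\n");
    free(outorig);
    return 1;
  }

  /*The last octet has no colon after it, so it is written here*/
  sprintf(out, "%02x", current);
  out += strlen(out);
  printf("%s\n", outorig);
  free(outorig);
  return 0;
}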


Ignore that last line. Not sure why the formatting code is closing my open tags inside a pre tag...

Chromium and FreeIPA

While Google Chrome is only in Beta at version 9 for Linux, the upstream project, Chromium, has all the latest features. Spot has provided a repo with packages for some of your favorite platforms.

For development, I run the browser on the same server that I install freeipa-server on. To get it to run:

chromium-browser --auth-server-whitelist=`hostname` --auth-negotiate-delegate-whitelist=`hostname`

The unit tests don’t run using the file: protocol, but I’ve run them against the Static site and they run fine.