On Mon, 2021-07-26 at 08:20 -0400, Rob Crittenden via FreeIPA-users
wrote:
[root@ipa] # cat /usr/local/sbin/testme
#!/bin/sh
touch /tmp/hello
[root@ipa]# ls -l /tmp/hello
ls: cannot access '/tmp/hello': No such file or directory
[root@ipa]# ipa-getcert request -f /etc/pki/tls/certs/test.pem -k
/etc/pki/tls/private/test.key -D `hostname` -K host/`hostname` -C
/usr/local/sbin/testme -w -v
New signing request "20210726121048" added.
State NEWLY_ADDED_READING_KEYINFO, stuck: no.
State GENERATING_CSR, stuck: no.
State SUBMITTING, stuck: no.
State SAVING_CERT, stuck: no.
State MONITORING, stuck: no.
[root@ipa]# ls -l /tmp/hello
-rw-------. 1 root root 0 Jul 26 08:10 /tmp/hello
I ran your test on my server, but it failed to run the command on my
end. Also, the steps reported by certmonger are different for me:
New signing request "20210726231003" added.
State NEWLY_ADDED_READING_CERT, stuck: no.
State MONITORING, stuck: no.
This time I don't see any new denials. O_O
--
Ranbir