author | Simo Sorce <ssorce@redhat.com> | 2007-12-11 12:25:58 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2007-12-11 12:25:58 -0500 |
commit | 4f0b2154146cc3ed3b32b34713089323d96c1c74 (patch) | |
tree | 36b6dd049e3714f6d25291cf8fbc21912bbaca63 | |
parent | 75493763f665970858b26dd06cdf36985fe61940 (diff) | |
Make sure we don't keep around old keys.
Fixes a problem changing passwords seen only on servers where
re-installations were performed (and old secrets piled up)
-rw-r--r-- | ipa-server/ipaserver/krbinstance.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index ede008a83..76818af7d 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -383,6 +383,11 @@ class KrbInstance(service.Service):
 def __export_kadmin_changepw_keytab(self):
 self.step("exporting the kadmin keytab")
+ try:
+ if file_exists("/var/kerberos/krb5kdc/kpasswd.keytab"):
+ os.remove("/var/kerberos/krb5kdc/kpasswd.keytab")
+ except os.error:
+ logging.critical("Failed to remove /var/kerberos/krb5kdc/kpasswd.keytab.")
 (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
 kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
 kwrite.flush() |
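Review bot: When `os.remove` fails, the `except os.error:` branch only logs and execution falls through to the `kadmin.local` call, so the export still runs against the old keytab. The rest of `__export_kadmin_changepw_keytab` is outside the hunk, but if it appends keys to the existing file, the stale secrets this commit is meant to clear stay on disk and the password-change problem can recur. The handler should abort the step and record why the removal failed, for example `except os.error, e:` followed by `logging.critical("Failed to remove /var/kerberos/krb5kdc/kpasswd.keytab: %s", e)` and `raise`. The `file_exists` pre-check could also be dropped in favour of calling `os.remove` directly and ignoring only the "no such file" error, which avoids acting on a stale existence test.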