Make sure we don't keep around old keys.

Fixes problem changing passwords seen only on servers where re-installations where performed (and old secrets piled up)
author: Simo Sorce <ssorce@redhat.com> 2007-12-11 12:25:58 -0500
committer: Simo Sorce <ssorce@redhat.com> 2007-12-11 12:25:58 -0500
commit: 4f0b2154146cc3ed3b32b34713089323d96c1c74 (patch)
tree: 36b6dd049e3714f6d25291cf8fbc21912bbaca63
parent: 75493763f665970858b26dd06cdf36985fe61940 (diff)
download: freeipa-4f0b2154146cc3ed3b32b34713089323d96c1c74.tar.gz
freeipa-4f0b2154146cc3ed3b32b34713089323d96c1c74.tar.xz
freeipa-4f0b2154146cc3ed3b32b34713089323d96c1c74.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index ede008a83..76818af7d 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -383,6 +383,11 @@ class KrbInstance(service.Service):
 
     def __export_kadmin_changepw_keytab(self):
         self.step("exporting the kadmin keytab")
+        try:
+            if file_exists("/var/kerberos/krb5kdc/kpasswd.keytab"):
+                os.remove("/var/kerberos/krb5kdc/kpasswd.keytab")
+        except os.error:
+            logging.critical("Failed to remove /var/kerberos/krb5kdc/kpasswd.keytab.")
         (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
         kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
         kwrite.flush()
author	Simo Sorce <ssorce@redhat.com>	2007-12-11 12:25:58 -0500
committer	Simo Sorce <ssorce@redhat.com>	2007-12-11 12:25:58 -0500
commit	4f0b2154146cc3ed3b32b34713089323d96c1c74 (patch)
tree	36b6dd049e3714f6d25291cf8fbc21912bbaca63
parent	75493763f665970858b26dd06cdf36985fe61940 (diff)
download	freeipa-4f0b2154146cc3ed3b32b34713089323d96c1c74.tar.gz freeipa-4f0b2154146cc3ed3b32b34713089323d96c1c74.tar.xz freeipa-4f0b2154146cc3ed3b32b34713089323d96c1c74.zip