diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2015-04-15 15:20:00 +0200 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-04-24 15:56:12 +0200 |
commit | 528e9503ed71c7d4b5231689ceb8bb37901efced (patch) | |
tree | f8dd9edd9db410109642a9e5e21fd5492e83e878 | |
parent | 2c8c4b8c885fe34cc722cce91639230a7734c3f3 (diff) | |
download | freeipa-528e9503ed71c7d4b5231689ceb8bb37901efced.tar.gz freeipa-528e9503ed71c7d4b5231689ceb8bb37901efced.tar.xz freeipa-528e9503ed71c7d4b5231689ceb8bb37901efced.zip |
use separate ccache filename for each IPA DNSSEC daemon
ipa-dnskeysyncd, ipa-dnskeysync-replica, and ipa-ods-exporter use a generic
'ccache' filename for credential storage, making debugging Kerberos-related
errors unnecessarily complicated. This patch renames the ccache files so that
each of these daemons now has its own credenital cache.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
-rwxr-xr-x | daemons/dnssec/ipa-dnskeysync-replica | 2 | ||||
-rwxr-xr-x | daemons/dnssec/ipa-dnskeysyncd | 2 | ||||
-rwxr-xr-x | daemons/dnssec/ipa-ods-exporter | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/daemons/dnssec/ipa-dnskeysync-replica b/daemons/dnssec/ipa-dnskeysync-replica index bcf928215..c2c4c2725 100755 --- a/daemons/dnssec/ipa-dnskeysync-replica +++ b/daemons/dnssec/ipa-dnskeysync-replica @@ -139,7 +139,7 @@ log.setLevel(level=logging.DEBUG) # Kerberos initialization PRINCIPAL = str('%s/%s' % (DAEMONNAME, ipalib.api.env.host)) log.debug('Kerberos principal: %s', PRINCIPAL) -ccache_filename = os.path.join(WORKDIR, 'ccache') +ccache_filename = os.path.join(WORKDIR, 'ipa-dnskeysync-replica.ccache') ipautil.kinit_keytab(PRINCIPAL, paths.IPA_DNSKEYSYNCD_KEYTAB, ccache_filename) os.environ['KRB5CCNAME'] = ccache_filename log.debug('Got TGT') diff --git a/daemons/dnssec/ipa-dnskeysyncd b/daemons/dnssec/ipa-dnskeysyncd index b17c8d94e..398f00762 100755 --- a/daemons/dnssec/ipa-dnskeysyncd +++ b/daemons/dnssec/ipa-dnskeysyncd @@ -65,7 +65,7 @@ log = root_logger # Kerberos initialization PRINCIPAL = str('%s/%s' % (DAEMONNAME, api.env.host)) log.debug('Kerberos principal: %s', PRINCIPAL) -ccache_filename = os.path.join(WORKDIR, 'ccache') +ccache_filename = os.path.join(WORKDIR, 'ipa-dnskeysyncd.ccache') ipautil.kinit_keytab(PRINCIPAL, KEYTAB_FB, ccache_filename) os.environ['KRB5CCNAME'] = ccache_filename diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter index 6d33b79bb..913b418af 100755 --- a/daemons/dnssec/ipa-ods-exporter +++ b/daemons/dnssec/ipa-ods-exporter @@ -399,7 +399,7 @@ ipalib.api.finalize() # Kerberos initialization PRINCIPAL = str('%s/%s' % (DAEMONNAME, ipalib.api.env.host)) log.debug('Kerberos principal: %s', PRINCIPAL) -ccache_name = os.path.join(WORKDIR, 'ccache') +ccache_name = os.path.join(WORKDIR, 'ipa-ods-exporter.ccache') ipautil.kinit_keytab(PRINCIPAL, paths.IPA_ODS_EXPORTER_KEYTAB, ccache_name) os.environ['KRB5CCNAME'] = ccache_name log.debug('Got TGT') |