diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-12-13 14:46:09 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-12-16 09:33:11 -0500 |
| commit | 8f87aa1288fcb00607430de0bc707682c689a335 (patch) | |
| tree | fe469e672c2617ebc9a78f0270d8eafa337dea12 | |
| parent | fbe72a4521502b68c763d7f6234cf6dda6350e62 (diff) | |
| download | freeipa-8f87aa1288fcb00607430de0bc707682c689a335.tar.gz freeipa-8f87aa1288fcb00607430de0bc707682c689a335.tar.xz freeipa-8f87aa1288fcb00607430de0bc707682c689a335.zip | |
Add krb5-pkinit-openssl as a Requires on ipa-server package
ticket 599
| -rwxr-xr-x | install/tools/ipa-replica-install | 9 | ||||
| -rwxr-xr-x | install/tools/ipa-server-install | 5 | ||||
| -rw-r--r-- | ipa.spec.in | 4 | ||||
| -rw-r--r-- | ipaserver/install/krbinstance.py | 10 |
4 files changed, 4 insertions, 24 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index c9df2dd43..50855fde9 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -278,11 +278,6 @@ def check_bind(): print "Aborting installation" sys.exit(1) -def check_pkinit(): - if not krbinstance.check_pkinit_plugin(): - print "Aborting installation" - sys.exit(1) - def main(): safe_options, options, filename = parse_options() installutils.standard_logging_setup("/var/log/ipareplica-install.log", options.debug) @@ -350,10 +345,6 @@ def main(): if not ipautil.file_exists(config.dir + "/pkinitcert.p12") and not certs.ipa_self_signed(): options.setup_pkinit = False - # check the pkinit plugin is installed - if options.setup_pkinit: - check_pkinit() - # Install CA cert so that we can do SSL connections with ldap install_ca_cert(config) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 0a1f1c56f..5b9e65216 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -548,11 +548,6 @@ def main(): if not bindinstance.check_inst(options.unattended): sys.exit("Aborting installation") - # check the pkinit plugin is installed - if options.setup_pkinit: - if not krbinstance.check_pkinit_plugin(): - sys.exit("Aborting installation") - # check the hostname is correctly configured, it must be as the kldap # utilities just use the hostname as returned by gethostbyname to set # up some of the standard entries diff --git a/ipa.spec.in b/ipa.spec.in index 95f6e109d..8c79660af 100644 --- a/ipa.spec.in +++ b/ipa.spec.in @@ -72,6 +72,7 @@ Requires: nss-tools Requires: krb5-server %endif Requires: krb5-server-ldap +Requires: krb5-pkinit-openssl Requires: cyrus-sasl-gssapi Requires: ntp Requires: httpd @@ -510,6 +511,9 @@ fi %endif %changelog +* Mon Dec 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-35 +- Add Requires on krb5-pkinit-openssl + * Fri Dec 10 2010 Jr Aquino <jr.aquino@citrix.com> - 1.99-34 - Add ipa-host-net-manage script diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 247b39009..c1e5a3f0a 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -49,16 +49,6 @@ from distutils import version KRBMKEY_DENY_ACI = '(targetattr = "krbMKey")(version 3.0; acl "No external access"; deny (read,write,search,compare) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)' -def check_pkinit_plugin(): - LIB32 = '/usr/lib/krb5/plugins/preauth/pkinit.so' - LIB64 = '/usr/lib64/krb5/plugins/preauth/pkinit.so' - if not os.path.exists(LIB32) and not os.path.exists(LIB64): - print "The pkinit plugin is missing" - print "Please install the 'krb5-pkinit-openssl' package and start the installation again" - return False - - return True - def update_key_val_in_file(filename, key, val): if os.path.exists(filename): pattern = "^[\s#]*%s\s*=\s*%s\s*" % (re.escape(key), re.escape(val)) |