diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2015-03-16 16:43:10 +0100 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-04-20 08:27:35 +0000 |
| commit | 3d2feac0e416c66ba37eee53ef5b3833c2c3e414 (patch) | |
| tree | 77d8907c8dbba8db76db3cac3b9be09ffc970f01 /daemons | |
| parent | a8e30e96716992e4160abdb7ac5995bb75e54eae (diff) | |
| download | freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.gz freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.xz freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.zip | |
Adopted kinit_keytab and kinit_password for kerberos auth
Calls to ipautil.run using kinit were replaced with calls
kinit_keytab/kinit_password functions implemented in the PATCH 0015.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'daemons')
| -rwxr-xr-x | daemons/dnssec/ipa-dnskeysync-replica | 6 | ||||
| -rwxr-xr-x | daemons/dnssec/ipa-dnskeysyncd | 4 | ||||
| -rwxr-xr-x | daemons/dnssec/ipa-ods-exporter | 6 |
3 files changed, 11 insertions, 5 deletions
diff --git a/daemons/dnssec/ipa-dnskeysync-replica b/daemons/dnssec/ipa-dnskeysync-replica index 8a0ae8a9a..bcf928215 100755 --- a/daemons/dnssec/ipa-dnskeysync-replica +++ b/daemons/dnssec/ipa-dnskeysync-replica @@ -139,14 +139,16 @@ log.setLevel(level=logging.DEBUG) # Kerberos initialization PRINCIPAL = str('%s/%s' % (DAEMONNAME, ipalib.api.env.host)) log.debug('Kerberos principal: %s', PRINCIPAL) -ipautil.kinit_hostprincipal(paths.IPA_DNSKEYSYNCD_KEYTAB, WORKDIR, PRINCIPAL) +ccache_filename = os.path.join(WORKDIR, 'ccache') +ipautil.kinit_keytab(PRINCIPAL, paths.IPA_DNSKEYSYNCD_KEYTAB, ccache_filename) +os.environ['KRB5CCNAME'] = ccache_filename log.debug('Got TGT') # LDAP initialization ldap = ipalib.api.Backend[ldap2] # fixme log.debug('Connecting to LDAP') -ldap.connect(ccache="%s/ccache" % WORKDIR) +ldap.connect(ccache=ccache_filename) log.debug('Connected') diff --git a/daemons/dnssec/ipa-dnskeysyncd b/daemons/dnssec/ipa-dnskeysyncd index 919130343..b17c8d94e 100755 --- a/daemons/dnssec/ipa-dnskeysyncd +++ b/daemons/dnssec/ipa-dnskeysyncd @@ -65,7 +65,9 @@ log = root_logger # Kerberos initialization PRINCIPAL = str('%s/%s' % (DAEMONNAME, api.env.host)) log.debug('Kerberos principal: %s', PRINCIPAL) -ipautil.kinit_hostprincipal(KEYTAB_FB, WORKDIR, PRINCIPAL) +ccache_filename = os.path.join(WORKDIR, 'ccache') +ipautil.kinit_keytab(PRINCIPAL, KEYTAB_FB, ccache_filename) +os.environ['KRB5CCNAME'] = ccache_filename # LDAP initialization basedn = DN(api.env.container_dns, api.env.basedn) diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter index 401f35087..6d33b79bb 100755 --- a/daemons/dnssec/ipa-ods-exporter +++ b/daemons/dnssec/ipa-ods-exporter @@ -399,7 +399,9 @@ ipalib.api.finalize() # Kerberos initialization PRINCIPAL = str('%s/%s' % (DAEMONNAME, ipalib.api.env.host)) log.debug('Kerberos principal: %s', PRINCIPAL) -ipautil.kinit_hostprincipal(paths.IPA_ODS_EXPORTER_KEYTAB, WORKDIR, PRINCIPAL) +ccache_name = os.path.join(WORKDIR, 'ccache') +ipautil.kinit_keytab(PRINCIPAL, paths.IPA_ODS_EXPORTER_KEYTAB, ccache_name) +os.environ['KRB5CCNAME'] = ccache_name log.debug('Got TGT') # LDAP initialization @@ -407,7 +409,7 @@ dns_dn = DN(ipalib.api.env.container_dns, ipalib.api.env.basedn) ldap = ipalib.api.Backend[ldap2] # fixme log.debug('Connecting to LDAP') -ldap.connect(ccache="%s/ccache" % WORKDIR) +ldap.connect(ccache=ccache_name) log.debug('Connected') |