diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2015-03-16 16:43:10 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-04-20 08:27:35 +0000 |
commit | 3d2feac0e416c66ba37eee53ef5b3833c2c3e414 (patch) | |
tree | 77d8907c8dbba8db76db3cac3b9be09ffc970f01 /install/restart_scripts/renew_ra_cert | |
parent | a8e30e96716992e4160abdb7ac5995bb75e54eae (diff) | |
download | freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.gz freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.xz freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.zip |
Adopted kinit_keytab and kinit_password for kerberos auth
Calls to ipautil.run using kinit were replaced with calls
kinit_keytab/kinit_password functions implemented in the PATCH 0015.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'install/restart_scripts/renew_ra_cert')
-rw-r--r-- | install/restart_scripts/renew_ra_cert | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert index 7dae35623..1f8fcae6f 100644 --- a/install/restart_scripts/renew_ra_cert +++ b/install/restart_scripts/renew_ra_cert @@ -21,6 +21,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import sys +import os import syslog import tempfile import shutil @@ -42,8 +43,10 @@ def _main(): tmpdir = tempfile.mkdtemp(prefix="tmp-") try: principal = str('host/%s@%s' % (api.env.host, api.env.realm)) - ccache = ipautil.kinit_hostprincipal(paths.KRB5_KEYTAB, tmpdir, - principal) + ccache_filename = os.path.join(tmpdir, 'ccache') + ipautil.kinit_keytab(principal, paths.KRB5_KEYTAB, + ccache_filename) + os.environ['KRB5CCNAME'] = ccache_filename ca = cainstance.CAInstance(host_name=api.env.host, ldapi=False) if ca.is_renewal_master(): |