diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2015-03-12 16:14:22 +0100 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2015-03-18 12:31:23 +0100 |
| commit | 7b6bee030dac08807f254fdf58ba867c36cab23d (patch) | |
| tree | 2dabcb943cbe957fbf7d950b76fc4ec70af4ba30 /install/tools/ipa-dns-install | |
| parent | a58b77ca9cd3620201306258dd6bd05ea1c73c73 (diff) | |
| download | freeipa-7b6bee030dac08807f254fdf58ba867c36cab23d.tar.gz freeipa-7b6bee030dac08807f254fdf58ba867c36cab23d.tar.xz freeipa-7b6bee030dac08807f254fdf58ba867c36cab23d.zip | |
ipa-dns-install: use STARTTLS to connect to DS
BindInstance et al. now use STARTTLS to set up secure connection to DS during
ipa-dns-install. This fixes https://fedorahosted.org/freeipa/ticket/4933
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'install/tools/ipa-dns-install')
| -rwxr-xr-x | install/tools/ipa-dns-install | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 967057e1a..b17dafaee 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -152,7 +152,7 @@ def main(): confirm=False, validate=False) if dm_password is None: sys.exit("Directory Manager password required") - bind = bindinstance.BindInstance(fstore, dm_password) + bind = bindinstance.BindInstance(fstore, dm_password, start_tls=True) # try the connection try: @@ -161,7 +161,8 @@ def main(): except errors.ACIError: sys.exit("Password is not valid!") - ods = opendnssecinstance.OpenDNSSECInstance(fstore, dm_password) + ods = opendnssecinstance.OpenDNSSECInstance(fstore, dm_password, + start_tls=True) if options.dnssec_master: dnssec_masters = ods.get_masters() # we can reinstall current server if it is dnssec master @@ -215,10 +216,13 @@ def main(): bind.create_instance() # on dnssec master this must be installed last - dnskeysyncd = dnskeysyncinstance.DNSKeySyncInstance(fstore, dm_password) + dnskeysyncd = dnskeysyncinstance.DNSKeySyncInstance(fstore, dm_password, + start_tls=True) dnskeysyncd.create_instance(api.env.host, api.env.realm) if options.dnssec_master: - ods_exporter = odsexporterinstance.ODSExporterInstance(fstore, dm_password) + ods_exporter = odsexporterinstance.ODSExporterInstance(fstore, + dm_password, + start_tls=True) ods_exporter.create_instance(api.env.host, api.env.realm) ods.create_instance(api.env.host, api.env.realm) |