Adopted kinit_keytab and kinit_password for kerberos auth

Calls to ipautil.run using kinit were replaced with calls kinit_keytab/kinit_password functions implemented in the PATCH 0015. Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
author: Martin Babinsky <mbabinsk@redhat.com> 2015-03-16 16:43:10 +0100
committer: Jan Cholasta <jcholast@redhat.com> 2015-04-20 08:27:35 +0000
commit: 3d2feac0e416c66ba37eee53ef5b3833c2c3e414 (patch)
tree: 77d8907c8dbba8db76db3cac3b9be09ffc970f01 /ipa-client
parent: a8e30e96716992e4160abdb7ac5995bb75e54eae (diff)
download: freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.gz
freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.xz
freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.zip
2 files changed, 8 insertions, 4 deletions
diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount
index ca56f9783..eee141812 100755
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -26,6 +26,7 @@ import os
 import urlparse
 import time
 import tempfile
+from krbV import Krb5Error
 
 import SSSDConfig
 
@@ -431,10 +432,11 @@ def main():
     os.close(ccache_fd)
     try:
         try:
+            host_princ = str('host/%s@%s' % (api.env.host, api.env.realm))
+            ipautil.kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_name)
             os.environ['KRB5CCNAME'] = ccache_name
-            ipautil.run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB, 'host/%s@%s' % (api.env.host, api.env.realm)])
-        except ipautil.CalledProcessError, e:
-            sys.exit("Failed to obtain host TGT.")
+        except Krb5Error as e:
+            sys.exit("Failed to obtain host TGT: %s" % e)
         # Now we have a TGT, connect to IPA
         try:
             api.Backend.rpcclient.connect()
diff --git a/ipa-client/ipaclient/ipa_certupdate.py b/ipa-client/ipaclient/ipa_certupdate.py
index 5ec5026f5..a9530674c 100644
--- a/ipa-client/ipaclient/ipa_certupdate.py
+++ b/ipa-client/ipaclient/ipa_certupdate.py
@@ -55,9 +55,11 @@ class CertUpdate(admintool.AdminTool):
         ldap = ipaldap.IPAdmin(server)
 
         tmpdir = tempfile.mkdtemp(prefix="tmp-")
+        ccache_name = os.path.join(tmpdir, 'ccache')
         try:
             principal = str('host/%s@%s' % (api.env.host, api.env.realm))
-            ipautil.kinit_hostprincipal(paths.KRB5_KEYTAB, tmpdir, principal)
+            ipautil.kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_name)
+            os.environ['KRB5CCNAME'] = ccache_name
 
             api.Backend.rpcclient.connect()
             try:
author	Martin Babinsky <mbabinsk@redhat.com>	2015-03-16 16:43:10 +0100
committer	Jan Cholasta <jcholast@redhat.com>	2015-04-20 08:27:35 +0000
commit	3d2feac0e416c66ba37eee53ef5b3833c2c3e414 (patch)
tree	77d8907c8dbba8db76db3cac3b9be09ffc970f01 /ipa-client
parent	a8e30e96716992e4160abdb7ac5995bb75e54eae (diff)
download	freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.gz freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.xz freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.zip