diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2015-03-16 16:43:10 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-04-20 08:27:35 +0000 |
commit | 3d2feac0e416c66ba37eee53ef5b3833c2c3e414 (patch) | |
tree | 77d8907c8dbba8db76db3cac3b9be09ffc970f01 /ipa-client | |
parent | a8e30e96716992e4160abdb7ac5995bb75e54eae (diff) | |
download | freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.gz freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.xz freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.zip |
Adopted kinit_keytab and kinit_password for kerberos auth
Calls to ipautil.run using kinit were replaced with calls
kinit_keytab/kinit_password functions implemented in the PATCH 0015.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'ipa-client')
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-automount | 8 | ||||
-rw-r--r-- | ipa-client/ipaclient/ipa_certupdate.py | 4 |
2 files changed, 8 insertions, 4 deletions
diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount index ca56f9783..eee141812 100755 --- a/ipa-client/ipa-install/ipa-client-automount +++ b/ipa-client/ipa-install/ipa-client-automount @@ -26,6 +26,7 @@ import os import urlparse import time import tempfile +from krbV import Krb5Error import SSSDConfig @@ -431,10 +432,11 @@ def main(): os.close(ccache_fd) try: try: + host_princ = str('host/%s@%s' % (api.env.host, api.env.realm)) + ipautil.kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_name) os.environ['KRB5CCNAME'] = ccache_name - ipautil.run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB, 'host/%s@%s' % (api.env.host, api.env.realm)]) - except ipautil.CalledProcessError, e: - sys.exit("Failed to obtain host TGT.") + except Krb5Error as e: + sys.exit("Failed to obtain host TGT: %s" % e) # Now we have a TGT, connect to IPA try: api.Backend.rpcclient.connect() diff --git a/ipa-client/ipaclient/ipa_certupdate.py b/ipa-client/ipaclient/ipa_certupdate.py index 5ec5026f5..a9530674c 100644 --- a/ipa-client/ipaclient/ipa_certupdate.py +++ b/ipa-client/ipaclient/ipa_certupdate.py @@ -55,9 +55,11 @@ class CertUpdate(admintool.AdminTool): ldap = ipaldap.IPAdmin(server) tmpdir = tempfile.mkdtemp(prefix="tmp-") + ccache_name = os.path.join(tmpdir, 'ccache') try: principal = str('host/%s@%s' % (api.env.host, api.env.realm)) - ipautil.kinit_hostprincipal(paths.KRB5_KEYTAB, tmpdir, principal) + ipautil.kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_name) + os.environ['KRB5CCNAME'] = ccache_name api.Backend.rpcclient.connect() try: |