diff options
author | Rob Crittenden <rcritten@redhat.com> | 2008-04-09 16:57:41 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-04-09 16:57:41 -0400 |
commit | 27691b9e1c23d15362d943f04912343df3a29718 (patch) | |
tree | 4763f68ea8c78eca4839290b98f5d45014cfd2f5 /ipa-server/ipa-install/ipa-replica-prepare | |
parent | 24a7cf37148f4e7947e918fd35b5744e2e178e72 (diff) | |
download | freeipa-27691b9e1c23d15362d943f04912343df3a29718.tar.gz freeipa-27691b9e1c23d15362d943f04912343df3a29718.tar.xz freeipa-27691b9e1c23d15362d943f04912343df3a29718.zip |
Use the same kpasswd.keytab on all replicas.
If we generate a new keytab for each replica then effectively password
changes can only occur on the last replica created.
439905
Diffstat (limited to 'ipa-server/ipa-install/ipa-replica-prepare')
-rw-r--r-- | ipa-server/ipa-install/ipa-replica-prepare | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare index 7c49f82af..dbcb75543 100644 --- a/ipa-server/ipa-install/ipa-replica-prepare +++ b/ipa-server/ipa-install/ipa-replica-prepare @@ -143,6 +143,7 @@ def copy_files(realm_name, dir): config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)) try: shutil.copy("/var/kerberos/krb5kdc/ldappwd", dir + "/ldappwd") + shutil.copy("/var/kerberos/krb5kdc/kpasswd.keytab", dir + "/kpasswd.keytab") shutil.copy("/usr/share/ipa/html/preferences.html", dir + "/preferences.html") shutil.copy("/usr/share/ipa/html/configure.jar", dir + "/configure.jar") shutil.copy(config_dir + "/cacert.asc", dir + "/ca.crt") @@ -190,6 +191,7 @@ def main(): print "Packaging the replica into /var/lib/ipa/%s" % "replica-info-" + replica_fqdn ipautil.run(["/bin/tar", "cfz", "/var/lib/ipa/replica-info-" + replica_fqdn, "-C", top_dir, "realm_info"]) + os.chmod("/var/lib/ipa/replica-info-" + replica_fqdn, 0600) shutil.rmtree(dir) |