authorRob Crittenden <rcritten@redhat.com>2008-04-09 16:57:41 -0400
committerRob Crittenden <rcritten@redhat.com>2008-04-09 16:57:41 -0400
commit27691b9e1c23d15362d943f04912343df3a29718 (patch)
tree4763f68ea8c78eca4839290b98f5d45014cfd2f5 /ipa-server/ipa-install
parent24a7cf37148f4e7947e918fd35b5744e2e178e72 (diff)
Use the same kpasswd.keytab on all replicas.
If we generate a new keytab for each replica then effectively password changes can only occur on the last replica created. 439905
Diffstat (limited to 'ipa-server/ipa-install')
-rw-r--r--ipa-server/ipa-install/ipa-replica-install4
-rw-r--r--ipa-server/ipa-install/ipa-replica-prepare2
2 files changed, 5 insertions, 1 deletions
diff --git a/ipa-server/ipa-install/ipa-replica-install b/ipa-server/ipa-install/ipa-replica-install
index 674859951..551b468a6 100644
--- a/ipa-server/ipa-install/ipa-replica-install
+++ b/ipa-server/ipa-install/ipa-replica-install
@@ -109,8 +109,10 @@ def install_ds(config):
def install_krb(config):
krb = krbinstance.KrbInstance()
ldappwd_filename = config.dir + "/ldappwd"
+ kpasswd_filename = config.dir + "/kpasswd.keytab"
krb.create_replica(config.ds_user, config.realm_name, config.host_name,
- config.domain_name, config.dirman_password, ldappwd_filename)
+ config.domain_name, config.dirman_password,
+ ldappwd_filename, kpasswd_filename)
def install_http(config):
# if we have a pkcs12 file, create the cert db from
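Review bot: `kpasswd_filename` is handed to `krb.create_replica` in `install_krb` without any check that the file exists in `config.dir`. A replica-info bundle produced by an `ipa-replica-prepare` that predates this commit would presumably not contain `kpasswd.keytab`, and the failure would then surface inside `create_replica` (not visible here) rather than as a clear message. A guard before the call would make that case explicit, e.g. `if not os.path.isfile(kpasswd_filename): raise RuntimeError("replica info has no kpasswd.keytab; re-run ipa-replica-prepare")`, assuming `os` is imported in this script. A one-line comment noting that this file is key material shared by every replica would also help the next reader.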
diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare
index 7c49f82af..dbcb75543 100644
--- a/ipa-server/ipa-install/ipa-replica-prepare
+++ b/ipa-server/ipa-install/ipa-replica-prepare
@@ -143,6 +143,7 @@ def copy_files(realm_name, dir):
config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
try:
shutil.copy("/var/kerberos/krb5kdc/ldappwd", dir + "/ldappwd")
+ shutil.copy("/var/kerberos/krb5kdc/kpasswd.keytab", dir + "/kpasswd.keytab")
shutil.copy("/usr/share/ipa/html/preferences.html", dir + "/preferences.html")
shutil.copy("/usr/share/ipa/html/configure.jar", dir + "/configure.jar")
shutil.copy(config_dir + "/cacert.asc", dir + "/ca.crt")
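Review bot: The added `shutil.copy` of `kpasswd.keytab` in `copy_files` puts long-term Kerberos key material into the staging directory `dir`, and nothing in the hunk shows how that directory was created or what mode it has. `shutil.copy` carries over the permission bits but not the ownership, so the copy is only as private as the directory and the invoking user's context make it. I would add a comment above the two secret copies, `# ldappwd and kpasswd.keytab are secrets: dir must be a private (0700) directory and is removed after packaging`, and confirm that the code creating `dir` matches it. The `try:` block's handler lies outside the hunk, so what happens to the partial staging copy when one of the later copies fails cannot be judged from here.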
@@ -190,6 +191,7 @@ def main():
print "Packaging the replica into /var/lib/ipa/%s" % "replica-info-" + replica_fqdn
ipautil.run(["/bin/tar", "cfz", "/var/lib/ipa/replica-info-" + replica_fqdn, "-C", top_dir, "realm_info"])
+ os.chmod("/var/lib/ipa/replica-info-" + replica_fqdn, 0600)
shutil.rmtree(dir)
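Review bot: The archive is written by `/bin/tar` under the process umask and only restricted afterwards by `os.chmod(..., 0600)`. Between the two calls the file holding `ldappwd` and `kpasswd.keytab` may be readable by other local users, depending on the umask and on the mode of `/var/lib/ipa`, neither of which is visible here. Setting the umask around the tar call closes that window: `old_umask = os.umask(0077)` before `ipautil.run([...])` and `os.umask(old_umask)` after it, keeping the `chmod` as a second line of defence. If `ipautil.run` raises on failure (not visible here), `shutil.rmtree(dir)` is never reached and the staged secrets stay on disk, so a `try`/`finally` around the packaging step would be worth adding. `main()` starts outside the hunk.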