- Better access control, make sure not even admins can read out passwords

- Insure admins can't locked out by mistake by inclusion in disabled groups - Fix also minor error in krbinstance.py
author: Simo Sorce <ssorce@redhat.com> 2007-12-11 21:56:36 -0500
committer: Simo Sorce <ssorce@redhat.com> 2007-12-11 21:56:36 -0500
commit: d76886ff4f481370b6e5f2a5c337992078f872b1 (patch)
tree: ec88768c8d17da891680ea3b2b5ea65336324099 /ipa-server/ipaserver/krbinstance.py
parent: c9160e02331dfd57b3f6a4b1c00d614a129c126d (diff)
download: freeipa-d76886ff4f481370b6e5f2a5c337992078f872b1.tar.gz
freeipa-d76886ff4f481370b6e5f2a5c337992078f872b1.tar.xz
freeipa-d76886ff4f481370b6e5f2a5c337992078f872b1.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index 76818af7d..1376cb0c3 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -245,7 +245,7 @@ class KrbInstance(service.Service):
         kerberos_fd = write_tmp_file(kerberos_txt)
         try:
             ldap_mod(kerberos_fd, "cn=Directory Manager", self.admin_password)
-        except ipautil.CalledProcessError, e:
+        except CalledProcessError, e:
             logging.critical("Failed to load kerberos.ldif: %s" % str(e))
         kerberos_fd.close()
 
@@ -254,7 +254,7 @@ class KrbInstance(service.Service):
         aci_fd = write_tmp_file(aci_txt) 
         try:
             ldap_mod(aci_fd, "cn=Directory Manager", self.admin_password)
-        except ipautil.CalledProcessError, e:
+        except CalledProcessError, e:
             logging.critical("Failed to load default-aci.ldif: %s" % str(e))
         aci_fd.close()
 
@@ -291,7 +291,7 @@ class KrbInstance(service.Service):
             args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
             try:
                 run(args)
-            except ipautil.CalledProcessError, e:
+            except CalledProcessError, e:
                 print "Failed to populate the realm structure in kerberos", e
 
     def __write_stash_from_ds(self):
@@ -322,7 +322,7 @@ class KrbInstance(service.Service):
         extop_fd = write_tmp_file(extop_txt)
         try:
             ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password)
-        except ipautil.CalledProcessError, e:
+        except CalledProcessError, e:
             logging.critical("Failed to load pwd-extop-conf.ldif: %s" % str(e))
         extop_fd.close()
author	Simo Sorce <ssorce@redhat.com>	2007-12-11 21:56:36 -0500
committer	Simo Sorce <ssorce@redhat.com>	2007-12-11 21:56:36 -0500
commit	d76886ff4f481370b6e5f2a5c337992078f872b1 (patch)
tree	ec88768c8d17da891680ea3b2b5ea65336324099 /ipa-server/ipaserver/krbinstance.py
parent	c9160e02331dfd57b3f6a4b1c00d614a129c126d (diff)
download	freeipa-d76886ff4f481370b6e5f2a5c337992078f872b1.tar.gz freeipa-d76886ff4f481370b6e5f2a5c337992078f872b1.tar.xz freeipa-d76886ff4f481370b6e5f2a5c337992078f872b1.zip