diff options
author | Simo Sorce <ssorce@redhat.com> | 2007-08-15 18:30:15 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2007-08-15 18:30:15 -0400 |
commit | 788149e2e5d0da3294e46e5f0daa364c32b41ce9 (patch) | |
tree | eedcf39d22d59bbd0090bf5bdf65ddf29e41d380 /ipa-server/ipaserver | |
parent | a8e489e06598c228ff11910ff1f3509ce2661c9c (diff) | |
download | freeipa-788149e2e5d0da3294e46e5f0daa364c32b41ce9.tar.gz freeipa-788149e2e5d0da3294e46e5f0daa364c32b41ce9.tar.xz freeipa-788149e2e5d0da3294e46e5f0daa364c32b41ce9.zip |
Activate the passwd extop plugin and ipa-kpasswd daemon
Diffstat (limited to 'ipa-server/ipaserver')
-rw-r--r-- | ipa-server/ipaserver/krbinstance.py | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py index e31312a76..996873703 100644 --- a/ipa-server/ipaserver/krbinstance.py +++ b/ipa-server/ipaserver/krbinstance.py @@ -87,12 +87,12 @@ class KrbInstance: self.__create_http_keytab() - self.__set_kadmin_changepw_preauth() - - self.__export_kadmin_changepw_keytab() + self.__export_kadmin_changepw_keytab() self.__create_sample_bind_zone() + self.__add_pwd_extop_module() + self.start() def stop(self): @@ -185,7 +185,7 @@ class KrbInstance: pent = pwd.getpwnam(self.ds_user) os.chown("/etc/sysconfig/fedora-ds", pent.pw_uid, pent.pw_gid) - def __set_kadmin_changepw_preauth(self): + def __export_kadmin_changepw_keytab(self): (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local") kwrite.write("modprinc +requires_preauth kadmin/changepw\n") kwrite.flush() @@ -193,7 +193,6 @@ class KrbInstance: kread.close() kerr.close() - def __export_kadmin_changepw_keytab(self): (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local") kwrite.write("ktadd -k /var/kerberos/krb5kdc/kpasswd.keytab kadmin/changepw\n") kwrite.flush() @@ -201,6 +200,12 @@ class KrbInstance: kread.close() kerr.close() + cfg_fd = open("/etc/sysconfig/ipa-kpasswd", "a") + cfg_fd.write("export KRB5_KTNAME=/var/kerberos/krb5kdc/kpasswd.keytab\n") + cfg_fd.close() + pent = pwd.getpwnam(self.ds_user) + os.chown("/etc/sysconfig/ipa-kpasswd", pent.pw_uid, pent.pw_gid) + def __create_http_keytab(self): (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local") kwrite.write("addprinc -randkey HTTP/"+self.fqdn+"@"+self.realm+"\n") |