author | Rob Crittenden <rcritten@redhat.com> | 2008-04-09 16:57:41 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-04-09 16:57:41 -0400 |
commit | 27691b9e1c23d15362d943f04912343df3a29718 (patch) | |
tree | 4763f68ea8c78eca4839290b98f5d45014cfd2f5 /ipa-server/ipaserver | |
parent | 24a7cf37148f4e7947e918fd35b5744e2e178e72 (diff) | |
Use the same kpasswd.keytab on all replicas.
If we generate a new keytab for each replica then effectively password
changes can only occur on the last replica created.
439905
Diffstat (limited to 'ipa-server/ipaserver')
-rw-r--r-- | ipa-server/ipaserver/krbinstance.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index 414568846..949e30bc5 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -147,8 +147,9 @@ class KrbInstance(service.Service):
 self.kpasswd.create_instance()
- def create_replica(self, ds_user, realm_name, host_name, domain_name, admin_password, ldap_passwd_filename):
+ def create_replica(self, ds_user, realm_name, host_name, domain_name, admin_password, ldap_passwd_filename, kpasswd_filename):
 self.__copy_ldap_passwd(ldap_passwd_filename)
+ self.__copy_kpasswd_keytab(kpasswd_filename)
 self.__common_setup(ds_user, realm_name, host_name, domain_name, admin_password)
@@ -157,7 +158,6 @@ class KrbInstance(service.Service):
 self.step("configuring KDC", self.__create_replica_instance)
 self.step("creating a keytab for the directory", self.__create_ds_keytab)
 self.step("creating a keytab for the machine", self.__create_host_keytab)
- self.step("exporting the kadmin keytab", self.__export_kadmin_changepw_keytab)
 self.__common_post_setup()
@@ -170,6 +170,11 @@ class KrbInstance(service.Service):
 shutil.copy(filename, "/var/kerberos/krb5kdc/ldappwd")
 os.chmod("/var/kerberos/krb5kdc/ldappwd", 0600)
+ def __copy_kpasswd_keytab(self, filename):
+ self.fstore.backup_file("/var/kerberos/krb5kdc/kpasswd.keytab")
+ shutil.copy(filename, "/var/kerberos/krb5kdc/kpasswd.keytab")
+ os.chmod("/var/kerberos/krb5kdc/kpasswd.keytab", 0600)
+
 def __configure_kdc_account_password(self):
 hexpwd = '' |
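Review bot: `create_replica` gains a required `kpasswd_filename` argument in the first hunk, but nothing documents what the file is or how sensitive it is. I would add a docstring saying that it is the path to the kpasswd keytab taken from the first server, that this is long-term key material now shared by every replica, and that the caller is responsible for the staged copy (presumably removing it once installation finishes). The docstring should also say that, because the key is shared, exposure of the keytab on any one replica means re-keying it on all of them. The parameter is positional and mandatory, and the diffstat shown is limited to `ipa-server/ipaserver`, so any caller outside this view needs to pass it too. The body of `create_replica` continues outside this hunk.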
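Review bot: In the new `__copy_kpasswd_keytab` (third hunk), the keytab is written by `shutil.copy` and only afterwards restricted with `os.chmod(..., 0600)`. While the data is being copied the destination carries whatever mode the process umask allows, and `shutil.copy` then applies the source file's permission bits, so the key can be readable by other local users for a short window. Creating the file under a restrictive umask closes that window; the final `chmod` is kept because `copyfile` reuses the mode of a destination that already exists (whether `backup_file` leaves the old file in place is not visible here). The context lines show the same copy-then-chmod sequence for `ldappwd` in `__copy_ldap_passwd`, which would benefit from the same change.

```python
    def __copy_kpasswd_keytab(self, filename):
        dest = "/var/kerberos/krb5kdc/kpasswd.keytab"
        self.fstore.backup_file(dest)
        # Create the keytab owner-only from the first byte instead of
        # tightening the mode after the key material is already on disk.
        old_umask = os.umask(0077)
        try:
            shutil.copyfile(filename, dest)
        finally:
            os.umask(old_umask)
        os.chmod(dest, 0600)
```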