summaryrefslogtreecommitdiffstats
path: root/ipa-server
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2007-12-11 12:25:58 -0500
committerSimo Sorce <ssorce@redhat.com>2007-12-11 12:25:58 -0500
commit01131e2a37a9aec197b4e286e0559165d403fe73 (patch)
treef6b3cf5c7de7eaaa6f54d2aa2bb325b561ae4be4 /ipa-server
parent3defaaf7bac1d48f5006713c5dc2aa226028f5b9 (diff)
downloadfreeipa-01131e2a37a9aec197b4e286e0559165d403fe73.tar.gz
freeipa-01131e2a37a9aec197b4e286e0559165d403fe73.tar.xz
freeipa-01131e2a37a9aec197b4e286e0559165d403fe73.zip
Make sure we don't keep around old keys.
Fixes problem changing passwords seen only on servers where re-installations where performed (and old secrets piled up)
Diffstat (limited to 'ipa-server')
-rw-r--r--ipa-server/ipaserver/krbinstance.py5
1 files changed, 5 insertions, 0 deletions
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index ede008a83..76818af7d 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -383,6 +383,11 @@ class KrbInstance(service.Service):
def __export_kadmin_changepw_keytab(self):
self.step("exporting the kadmin keytab")
+ try:
+ if file_exists("/var/kerberos/krb5kdc/kpasswd.keytab"):
+ os.remove("/var/kerberos/krb5kdc/kpasswd.keytab")
+ except os.error:
+ logging.critical("Failed to remove /var/kerberos/krb5kdc/kpasswd.keytab.")
(kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
kwrite.flush()