Make sure we don't keep around old keys.

Fixes problem changing passwords seen only on servers where re-installations where performed (and old secrets piled up)
author: Simo Sorce <ssorce@redhat.com> 2007-12-11 12:25:58 -0500
committer: Simo Sorce <ssorce@redhat.com> 2007-12-11 12:25:58 -0500
commit: 01131e2a37a9aec197b4e286e0559165d403fe73 (patch)
tree: f6b3cf5c7de7eaaa6f54d2aa2bb325b561ae4be4 /ipa-server
parent: 3defaaf7bac1d48f5006713c5dc2aa226028f5b9 (diff)
download: freeipa-01131e2a37a9aec197b4e286e0559165d403fe73.tar.gz
freeipa-01131e2a37a9aec197b4e286e0559165d403fe73.tar.xz
freeipa-01131e2a37a9aec197b4e286e0559165d403fe73.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index ede008a83..76818af7d 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -383,6 +383,11 @@ class KrbInstance(service.Service):
 
     def __export_kadmin_changepw_keytab(self):
         self.step("exporting the kadmin keytab")
+        try:
+            if file_exists("/var/kerberos/krb5kdc/kpasswd.keytab"):
+                os.remove("/var/kerberos/krb5kdc/kpasswd.keytab")
+        except os.error:
+            logging.critical("Failed to remove /var/kerberos/krb5kdc/kpasswd.keytab.")
         (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
         kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
         kwrite.flush()
author	Simo Sorce <ssorce@redhat.com>	2007-12-11 12:25:58 -0500
committer	Simo Sorce <ssorce@redhat.com>	2007-12-11 12:25:58 -0500
commit	01131e2a37a9aec197b4e286e0559165d403fe73 (patch)
tree	f6b3cf5c7de7eaaa6f54d2aa2bb325b561ae4be4 /ipa-server
parent	3defaaf7bac1d48f5006713c5dc2aa226028f5b9 (diff)
download	freeipa-01131e2a37a9aec197b4e286e0559165d403fe73.tar.gz freeipa-01131e2a37a9aec197b4e286e0559165d403fe73.tar.xz freeipa-01131e2a37a9aec197b4e286e0559165d403fe73.zip