diff options
| author | Martin Kosek <mkosek@redhat.com> | 2013-01-31 17:18:35 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-02-01 08:13:50 +0100 |
| commit | 893064f6132a9cbcfa35f6eca8964c69caad533e (patch) | |
| tree | 25a270b1bfe0e079911d58fc97d369729eba0bed /ipalib/plugins/kerberos.py | |
| parent | 3ad8d7c1fb1e65de8d88c494ca75a8c5c283a472 (diff) | |
| download | freeipa-893064f6132a9cbcfa35f6eca8964c69caad533e.tar.gz freeipa-893064f6132a9cbcfa35f6eca8964c69caad533e.tar.xz freeipa-893064f6132a9cbcfa35f6eca8964c69caad533e.zip | |
Use fully qualified CCACHE names
Some parts of install scripts used only ccache name as returned by
krbV.CCache.name attribute. However, when this name is used again
to initialize krbV.CCache object or when it is used in KRB5CCNAME
environmental variable, it fails for new DIR type of CCACHE.
We should always use both CCACHE type and name when referring to
them to avoid these crashes. ldap2 backend was also updated to
accept directly krbV.CCache object which contains everything we need
to authenticate with ccache.
https://fedorahosted.org/freeipa/ticket/3381
Diffstat (limited to 'ipalib/plugins/kerberos.py')
| -rw-r--r-- | ipalib/plugins/kerberos.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/ipalib/plugins/kerberos.py b/ipalib/plugins/kerberos.py index e6f775b97..7ae63b930 100644 --- a/ipalib/plugins/kerberos.py +++ b/ipalib/plugins/kerberos.py @@ -66,14 +66,17 @@ class krb(Backend): def default_ccname(self): """ - Return the default ccache file name. + Return the default ccache file name (schema+name). - This will return something like '/tmp/krb5cc_500'. + This will return something like 'FILE:/tmp/krb5cc_500'. This cannot return anything meaningful if used in the server as a request is processed. """ - return self.__default_ccache().name + default_ccache = self.__default_ccache() + ccname = "%(type)s:%(name)s" % dict(type=default_ccache.type, + name=default_ccache.name) + return ccname def default_principal(self): """ |