author | Rob Crittenden <rcritten@redhat.com> | 2009-05-05 17:25:35 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-05-07 10:54:21 -0400 |
commit | 0d6aaef2e177410f39e0967f2d13063ac8f805ef (patch) | |
tree | f772577ef7a03c2a0f5cc312828ebb3fea3e5d78 /ipalib | |
parent | 8f1df0fe8ae761f9c519841148a12c01458919ee (diff) | |
We decided not to issue a certificate on join
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/join.py | 55 |
1 files changed, 2 insertions, 53 deletions
diff --git a/ipalib/plugins/join.py b/ipalib/plugins/join.py index 4daf980d2..28179a849 100644 --- a/ipalib/plugins/join.py +++ b/ipalib/plugins/join.py @@ -27,12 +27,8 @@ from ipalib import errors import krbV import os, subprocess from ipapython import ipautil -from ipapython import certdb -from ipapython import dogtag import tempfile import sha -import httplib -import xml.dom.minidom import stat import shutil @@ -97,8 +93,6 @@ class join(Command): def output_for_cli(self, textui, result, args, **options): textui.print_plain("Welcome to the %s realm" % options['realm']) textui.print_plain("Your keytab is in %s" % result.get('keytab')) - if result.get('pkcs12'): - textui.print_plain("An X.509 server certificate is in %s" % result.get('pkcs12')) def run(self, *args, **options): """ 
@@ -112,56 +106,11 @@ class join(Command): result = self.forward(*args, **options) self._get_keytab(result['krbprincipalname']) - self._generate_server_cert(args) - result['keytab'] = '/tmp/kt' - self._set_perms('/tmp/kt') - if ipautil.file_exists('/tmp/server.p12'): - self._set_perms('/tmp/server.p12') - result['pkcs12'] = '/tmp/server.p12' + result['keytab'] = '/etc/krb5.keytab' return result - def _set_perms(self, filename): - os.chown(filename, 0, 0) - os.chmod(filename, stat.S_IRUSR) - def _get_keytab(self, principal, stdin=None): - args = ["/usr/sbin/ipa-getkeytab", "-s", self.env.host, "-p", principal,"-k", "/tmp/kt"] + args = ["/usr/sbin/ipa-getkeytab", "-s", self.env.host, "-p", principal,"-k", "/etc/krb5.keytab"] return ipautil.run(args, stdin) - def _generate_server_cert(self, hostname): - subject = "CN=%s,OU=pki-ipa,O=IPA" % hostname - cdb = certdb.CertDB(secdir=None, temporary=True) - - csr = cdb.generate_csr(subject, keysize=1024) - - # Request a cert - try: - result = api.Command['cert_request'](unicode(csr), **{}) - except KeyError: - return "Certificates are not supported" - - # Load the cert into our temporary database - if result.get('certificate', False): - cert_file = cdb.secdir + "/cert.txt" - f = open(cert_file, "w") - f.write(result.get('certificate')) - f.close() - - cdb.add_certificate(cert_file, "Server-Cert", is_ca=False) - - ca_chain = dogtag.get_ca_certchain() - - ca_file = cdb.secdir + "/ca.txt" - f = open(ca_file, "w") - f.write(ca_chain) - f.close() - - cdb.add_certificate(ca_file, "caCert", is_ca=True) - - result = cdb.create_pkcs12("/tmp/server.p12", "Server-Cert") - else: - # Raise some error? - pass - - return result api.register(join) |
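Review bot: In `run`, the keytab is now written to `/etc/krb5.keytab`, but the `_set_perms` call that forced root ownership and `stat.S_IRUSR` on the old `/tmp/kt` is removed with no replacement. The file mode of the host key therefore depends on what `ipa-getkeytab` and the process umask produce, which is not visible in this hunk. Unless that tool is guaranteed to create the file owner-only, I would keep the helper and add `self._set_perms('/etc/krb5.keytab')` right after `self._get_keytab(...)`, or state the assumption in a comment. The path literal now appears in both `run` and `_get_keytab`; a module-level `KEYTAB_PATH = '/etc/krb5.keytab'` would keep the reported path and the written path from drifting apart. `run` also still discards the return value of `_get_keytab`, so whether a failed `ipa-getkeytab` is reported depends on `ipautil.run` raising, which should be confirmed.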