diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2012-07-13 18:12:48 +0300 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-07-31 17:44:35 +0200 |
| commit | 68d5fe1ec7d785f127b3513f84cc632cdb1f9167 (patch) | |
| tree | c0723e680c929f19f4fd2cb61eb7dfd93287d267 /ipaserver/install/cainstance.py | |
| parent | 16ca564b1004eb672fe4ca3573e542f5a3ce014b (diff) | |
| download | freeipa-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.tar.gz freeipa-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.tar.xz freeipa-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.zip | |
Ensure ipa-adtrust-install is run with Kerberos ticket for admin user
When setting up AD trusts support, ipa-adtrust-install utility
needs to be run as:
- root, for performing Samba configuration and using LDAPI/autobind
- kinit-ed IPA admin user, to ensure proper ACIs are granted to
fetch keytab
As result, we can get rid of Directory Manager credentials in ipa-adtrust-install
https://fedorahosted.org/freeipa/ticket/2815
Diffstat (limited to 'ipaserver/install/cainstance.py')
| -rw-r--r-- | ipaserver/install/cainstance.py | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 2644689a0..dc4374cce 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -225,10 +225,9 @@ def get_outputList(data): class CADSInstance(service.Service): def __init__(self, host_name=None, realm_name=None, domain_name=None, dm_password=None): - service.Service.__init__(self, "pkids") + service.Service.__init__(self, "pkids", dm_password=dm_password, ldapi=False, autobind=service.DISABLED) self.serverid = "PKI-IPA" self.realm_name = realm_name - self.dm_password = dm_password self.sub_dict = None self.domain = domain_name self.fqdn = host_name |