Use private ccache in ipa install tools

All installers that handle Kerberos auth, have been altered to use
private ccache, that is ipa-server-install, ipa-dns-install,
ipa-replica-install, ipa-ca-install.

https://fedorahosted.org/freeipa/ticket/3666

1 files changed, 22 insertions, 0 deletions

diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 5ed2689d7..a568eae7c 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -28,6 +28,7 @@ import shutil
 from ConfigParser import SafeConfigParser, NoOptionError
 import traceback
 import textwrap
+from contextlib import contextmanager
 
 from dns import resolver, rdatatype
 from dns.exception import DNSException
@@ -753,3 +754,24 @@ def check_pkcs12(pkcs12_info, ca_file, hostname):
                 (pkcs12_filename, e))
 
         return server_cert_name
+
+
+@contextmanager
+def private_ccache():
+
+    (desc, path) = tempfile.mkstemp(prefix='krbcc')
+    os.close(desc)
+
+    original_value = os.environ.get('KRB5CCNAME', None)
+
+    os.environ['KRB5CCNAME'] = path
+
+    yield
+
+    if original_value is not None:
+        os.environ['KRB5CCNAME'] = original_value
+    else:
+        os.environ.pop('KRB5CCNAME')
+
+    if os.path.exists(path):
+        os.remove(path)