diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2012-07-13 18:12:48 +0300 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-07-31 17:44:35 +0200 |
| commit | 68d5fe1ec7d785f127b3513f84cc632cdb1f9167 (patch) | |
| tree | c0723e680c929f19f4fd2cb61eb7dfd93287d267 /ipaserver/install/krbinstance.py | |
| parent | 16ca564b1004eb672fe4ca3573e542f5a3ce014b (diff) | |
| download | freeipa-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.tar.gz freeipa-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.tar.xz freeipa-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.zip | |
Ensure ipa-adtrust-install is run with Kerberos ticket for admin user
When setting up AD trusts support, ipa-adtrust-install utility
needs to be run as:
- root, for performing Samba configuration and using LDAPI/autobind
- kinit-ed IPA admin user, to ensure proper ACIs are granted to
fetch keytab
As result, we can get rid of Directory Manager credentials in ipa-adtrust-install
https://fedorahosted.org/freeipa/ticket/2815
Diffstat (limited to 'ipaserver/install/krbinstance.py')
| -rw-r--r-- | ipaserver/install/krbinstance.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 2faf8e196..8cc50fba4 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -178,7 +178,7 @@ class KrbInstance(service.Service): self.start_creation("Configuring Kerberos KDC", 30) self.kpasswd = KpasswdInstance() - self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix) + self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix, realm=self.realm) def create_replica(self, realm_name, master_fqdn, host_name, |