authorSimo Sorce <ssorce@redhat.com>2011-08-31 11:45:07 -0400
committerSimo Sorce <ssorce@redhat.com>2011-08-31 16:27:20 -0400
commit801dc97adbf9eacd16c67c188500f148d9507b12 (patch)
tree7716f4ae1ea4920244a0dc1fd972ca5cff13899f /ipaserver
parent096cc43fe604f9145578d6e5ab32a778563b9737 (diff)
install: We do not need a kpasswd keytab anymore
We now use MIT's kadmin instead of our old ipa_kpasswd daemon. kadmind knows how to fetch the keys directly from the database and doesn't need a keytab on the filesystem.
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/krbinstance.py14
1 files changed, 0 insertions, 14 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 1f499006e..8f2cf2c05 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -167,7 +167,6 @@ class KrbInstance(service.Service):
self.step("adding default ACIs", self.__add_default_acis)
self.step("creating a keytab for the directory", self.__create_ds_keytab)
self.step("creating a keytab for the machine", self.__create_host_keytab)
- self.step("exporting the kadmin keytab", self.__export_kadmin_changepw_keytab)
self.step("adding the password extension to the directory", self.__add_pwd_extop_module)
if setup_pkinit:
self.step("creating X509 Certificate for PKINIT", self.__setup_pkinit)
@@ -183,13 +182,11 @@ class KrbInstance(service.Service):
def create_replica(self, realm_name,
master_fqdn, host_name,
domain_name, admin_password,
- kpasswd_filename,
setup_pkinit=False, pkcs12_info=None,
self_signed_ca=False, subject_base=None):
self.pkcs12_info = pkcs12_info
self.self_signed_ca = self_signed_ca
self.subject_base = subject_base
- self.__copy_kpasswd_keytab(kpasswd_filename)
self.master_fqdn = master_fqdn
self.__common_setup(realm_name, host_name, domain_name, admin_password)
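Review bot: Removing `kpasswd_filename` from the middle of `create_replica`'s positional parameters shifts every later argument for any caller that still passes it by position; the old filename string would land in `setup_pkinit` and, being truthy, would presumably switch PKINIT setup on. The diffstat here is limited to `ipaserver`, so the callers are not visible; confirm they were updated in the same series and pass `setup_pkinit`, `pkcs12_info`, `self_signed_ca` and `subject_base` by keyword. If the replica-preparation side still packages a kpasswd keytab into the replica file, that key material is now unused and should stop being shipped. The body of `create_replica` continues outside the hunk.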
@@ -211,11 +208,6 @@ class KrbInstance(service.Service):
self.kpasswd = KpasswdInstance()
self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix)
- def __copy_kpasswd_keytab(self, filename):
- self.fstore.backup_file("/var/kerberos/krb5kdc/kpasswd.keytab")
- shutil.copy(filename, "/var/kerberos/krb5kdc/kpasswd.keytab")
- os.chmod("/var/kerberos/krb5kdc/kpasswd.keytab", 0600)
-
def __enable(self):
self.backup_state("enabled", self.is_enabled())
@@ -399,12 +391,6 @@ class KrbInstance(service.Service):
self.move_service_to_host(host_principal)
- def __export_kadmin_changepw_keytab(self):
- installutils.kadmin_modprinc("kadmin/changepw", "+requires_preauth")
-
- self.fstore.backup_file("/var/kerberos/krb5kdc/kpasswd.keytab")
- installutils.create_keytab("/var/kerberos/krb5kdc/kpasswd.keytab", "kadmin/changepw")
-
def __setup_pkinit(self):
if self.self_signed_ca:
ca_db = certs.CertDB(self.realm,
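Review bot: The removed `__export_kadmin_changepw_keytab` did more than write the keytab: its first statement ran `installutils.kadmin_modprinc("kadmin/changepw", "+requires_preauth")`, and nothing visible in this diff sets that flag anywhere else. The commit message only justifies dropping the on-disk keytab, so confirm that new installs still end up with `+requires_preauth` on `kadmin/changepw`, or keep that one call in a small step of its own. Separately, hosts installed before this change will still have `/var/kerberos/krb5kdc/kpasswd.keytab` on disk holding the `kadmin/changepw` key. An upgrade or uninstall path should remove it rather than leave unused key material behind.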