path: root/ipaserver
diff options
authorRob Crittenden <>2011-07-17 12:55:54 -0400
committerRob Crittenden <>2011-07-17 22:26:01 -0400
commitd43ba5316a08249fa276cdc43338d85f784547f0 (patch)
tree70c41e5e40e60e4ef8ad44acb00faf3b81a22710 /ipaserver
parenta48a84a5ead90898630a23fc0de1c978d1e0b810 (diff)
Generate a database password by default in all cases.
If the password passed in when creating a NSS certificate database is None then a random password is generated. If it is empty ('') then an empty password is set. Because of this the HTTP instance on replicas were created with an empty password.
Diffstat (limited to 'ipaserver')
2 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/install/ b/ipaserver/install/
index 522d3f5..1bbcbab 100644
--- a/ipaserver/install/
+++ b/ipaserver/install/
@@ -914,7 +914,7 @@ class CertDB(object):
self.export_ca_cert(self.cacert_name, True)
- def create_from_cacert(self, cacert_fname, passwd=""):
+ def create_from_cacert(self, cacert_fname, passwd=None):
if ipautil.file_exists(self.certdb_fname):
# We already have a cert db, see if it is for the same CA.
# If it is we leave things as they are.
diff --git a/ipaserver/install/ b/ipaserver/install/
index 26fde51..d2eb27c 100644
--- a/ipaserver/install/
+++ b/ipaserver/install/
@@ -177,7 +177,7 @@ class HTTPInstance(service.Service):
db = certs.CertDB(self.realm, subject_base=self.subject_base)
if self.pkcs12_info:
- db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1], passwd="")
+ db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1], passwd=None)
server_certs = db.find_server_certs()
if len(server_certs) == 0:
raise RuntimeError("Could not find a suitable server cert in import in %s" % self.pkcs12_info[0])