summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/krbinstance.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipaserver/install/krbinstance.py')
-rw-r--r--ipaserver/install/krbinstance.py9
1 files changed, 3 insertions, 6 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 516c7eac5..247b39009 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -45,7 +45,6 @@ import pyasn1.codec.ber.decoder
import struct
import certs
-import httpinstance
from distutils import version
KRBMKEY_DENY_ACI = '(targetattr = "krbMKey")(version 3.0; acl "No external access"; deny (read,write,search,compare) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)'
@@ -544,11 +543,10 @@ class KrbInstance(service.Service):
def __setup_pkinit(self):
if self.self_signed_ca:
- ca_db = certs.CertDB(httpinstance.NSS_DIR, self.realm,
+ ca_db = certs.CertDB(self.realm,
subject_base=self.subject_base)
else:
- ca_db = certs.CertDB(httpinstance.NSS_DIR, self.realm,
- host_name=self.fqdn,
+ ca_db = certs.CertDB(self.realm, host_name=self.fqdn,
subject_base=self.subject_base)
if self.pkcs12_info:
@@ -564,8 +562,7 @@ class KrbInstance(service.Service):
# Finally copy the cacert in the krb directory so we don't
# have any selinux issues with the file context
- shutil.copyfile("/usr/share/ipa/html/ca.crt",
- "/var/kerberos/krb5kdc/cacert.pem")
+ shutil.copyfile("/etc/ipa/ca.crt", "/var/kerberos/krb5kdc/cacert.pem")
def __add_anonymous_pkinit_principal(self):
princ = "WELLKNOWN/ANONYMOUS"
generated by cgit (git 2.34.1) at 2024-05-03 10:40:59 +0000