From 4f0b2154146cc3ed3b32b34713089323d96c1c74 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Tue, 11 Dec 2007 12:25:58 -0500
Subject: Make sure we don't keep around old keys. Fixes problem changing passwords seen only on servers where re-installations where performed (and old secrets piled up)
---
 ipa-server/ipaserver/krbinstance.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index ede008a83..76818af7d 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -383,6 +383,11 @@ class KrbInstance(service.Service):
 def __export_kadmin_changepw_keytab(self):
 self.step("exporting the kadmin keytab")
+ try:
+ if file_exists("/var/kerberos/krb5kdc/kpasswd.keytab"):
+ os.remove("/var/kerberos/krb5kdc/kpasswd.keytab")
+ except os.error:
+ logging.critical("Failed to remove /var/kerberos/krb5kdc/kpasswd.keytab.")
 (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
 kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
 kwrite.flush()
-- cgit
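Review bot: The `except os.error:` branch only logs and then falls through to the `kadmin.local` call, so when the removal fails the old `kpasswd.keytab` stays in place and the export that follows (the rest of the function is outside the hunk) presumably writes the new keys into it, which is the stale-key state this commit sets out to prevent. Consider failing the step instead: bind the exception with `except os.error, e:`, include the reason in the message (`logging.critical("Failed to remove /var/kerberos/krb5kdc/kpasswd.keytab: %s", e)`), and follow it with `raise`. The `file_exists` check before `os.remove` is also a check-then-act pair; calling `os.remove` directly and tolerating only a "no such file" error would be tighter, though the directory is presumably writable by root only. The keytab path is repeated three times in the added lines, and a single local name for it would keep the check, the removal and the log message from drifting apart.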