From 67cddce4d47791ad357ed5551ab58e16dbf87e0c Mon Sep 17 00:00:00 2001
From: Karl MacMillan
Date: Wed, 21 Nov 2007 18:09:24 -0500
Subject: Generate master password from Simo.
---
 ipa-python/ipautil.py | 12 ++++++++++++
 ipa-server/ipa-install/ipa-server-install | 13 +------------
 ipa-server/ipaserver/krbinstance.py | 13 +------------
 ipa-server/xmlrpc-server/funcs.py | 6 +++---
 4 files changed, 17 insertions(+), 27 deletions(-)
diff --git a/ipa-python/ipautil.py b/ipa-python/ipautil.py
index cd8eac16c..df9231884 100644
--- a/ipa-python/ipautil.py
+++ b/ipa-python/ipautil.py
@@ -23,6 +23,8 @@ import string
 import tempfile
 import logging
 import subprocess
+from random import Random
+from time import gmtime
 import os
 import stat
 import socket
@@ -331,3 +333,13 @@ def parse_generalized_time(timestr):
 except ValueError:
 return None
+
+def ipa_generate_password():
+ rndpwd = ''
+ r = Random()
+ r.seed(gmtime())
+ for x in range(12):
+# rndpwd += chr(r.randint(32,126))
+ rndpwd += chr(r.randint(65,90)) #stricter set for testing
+ return rndpwd
+
diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install
index b957e522f..a33a3e892 100644
--- a/ipa-server/ipa-install/ipa-server-install
+++ b/ipa-server/ipa-install/ipa-server-install
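Review bot: `ipa_generate_password()` in ipa-python/ipautil.py draws the password from `Random()` seeded with `gmtime()`, so the result is a deterministic function of the install time at one-second resolution, and `randint(65,90)` restricts it to 12 uppercase letters. This value becomes the Kerberos master password in ipa-server-install and the KDC password in krbinstance.py, and the "stricter set for testing" comment suggests the alphabet was never meant to ship. Take the randomness from the OS instead: `r = SystemRandom()` with `from random import SystemRandom`, drop the `r.seed(gmtime())` line and the `gmtime` import added in the first hunk, and use the wider range already present in the commented-out line, `chr(r.randint(32,126))`, or letters and digits if a consumer cannot accept punctuation. A one-line docstring stating the length and alphabet would help callers judge where the function is appropriate.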
@@ -232,17 +232,6 @@ def read_dm_password():
 dm_password = read_password("Directory Manager")
 return dm_password
-def read_master_password():
- print "The Kerberos database is usually encrypted using a master password."
- print "Please store this password offline in a secure place."
- print "It may be necessary in a recovery situation or to install a replica."
- print "Without the master password the encrypted material can't be used by the KDC."
- print "If the master password is lost all kerberos related secrets will also be lost."
- print ""
- #TODO: provide the option of generating a random password
- master_password = read_password("Kerberos master")
- return master_password
-
 def read_admin_password():
 print "The IPA server requires an administrative user, named 'admin'."
 print "This user is a regular system account used for IPA server administration."
@@ -381,7 +370,7 @@ def main():
 dm_password = options.dm_password
 if not options.master_password:
- master_password = read_master_password()
+ master_password = ipa_generate_password()
 else:
 master_password = options.master_password
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index aca9e2613..84d677162 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -26,8 +26,6 @@ import logging
 import fileinput
 import re
 import sys
-from random import Random
-from time import gmtime
 import os
 import pwd
 import socket
@@ -54,15 +52,6 @@ def host_to_domain(fqdn):
 s = fqdn.split(".")
 return ".".join(s[1:])
-def generate_kdc_password():
- rndpwd = ''
- r = Random()
- r.seed(gmtime())
- for x in range(12):
-# rndpwd += chr(r.randint(32,126))
- rndpwd += chr(r.randint(65,90)) #stricter set for testing
- return rndpwd
-
 def ldap_mod(fd, dn, pwd):
 args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name]
 run(args)
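Review bot: In the `main()` hunk of ipa-server-install the generated master password replaces the prompt, but the removed `read_master_password()` was also the only visible place that told the operator to keep this password offline for recovery or replica installation. Nothing in the visible lines hands the generated value to the operator or records where it can be retrieved; `main()` continues outside the hunk, so this may be handled there and should be confirmed. If the value is shown, it should go to the terminal once and stay out of the install log, and the warning text about losing the master password should be kept. A comment at the call such as `# generated master password: show to the admin once, never log` would record the intent.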
@@ -101,7 +90,7 @@ class KrbInstance(service.Service):
 self.ip = socket.gethostbyname(host_name)
 self.domain = host_to_domain(host_name)
 self.suffix = realm_to_suffix(self.realm)
- self.kdc_password = generate_kdc_password()
+ self.kdc_password = ipa_generate_password()
 self.admin_password = admin_password
 self.__setup_sub_dict()
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index db7413dbe..17555afb7 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -51,9 +51,9 @@ DefaultUserContainer = "cn=users,cn=accounts"
 DefaultGroupContainer = "cn=groups,cn=accounts"
 # FIXME: need to check the ipadebug option in ipa.conf
-logging.basicConfig(level=logging.DEBUG,
- format='%(asctime)s %(levelname)s %(message)s',
- stream=sys.stderr)
+#logging.basicConfig(level=logging.DEBUG,
+# format='%(asctime)s %(levelname)s %(message)s',
+# stream=sys.stderr)
 #
 # Apache runs in multi-process mode so each process will have its own
-- cgit
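Review bot: `ipa_generate_password` is called in the `KrbInstance` hunk of krbinstance.py, and likewise in `main()` of ipa-server-install, but neither file gains an import for it in this patch; the only import changes visible in krbinstance.py are the two removals. If the name arrives through a wildcard import of the ipautil module outside the visible hunks the call works, but that should be confirmed, and an explicit import of `ipa_generate_password` from ipautil next to the other imports would make the dependency visible. The enclosing method starts and ends outside the hunk.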
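Review bot: The `logging.basicConfig(...)` call in funcs.py is commented out rather than removed, and the change is unrelated to the commit subject. The FIXME above it still says the `ipadebug` option needs checking, so the next reader cannot tell whether DEBUG logging is off on purpose. Either delete the three lines or gate them on that option, and state the reason in the comment, e.g. `# DEBUG logging disabled until it is controlled by ipadebug in ipa.conf`.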