From 8cb2aee626e7be3e9cde7195dabfebb3cc34cb6a Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Tue, 19 Jul 2011 20:04:46 -0400
Subject: install: Remove uid=kdc user

The ipadb DAL driver gets access to the ldap server as Directory Manager now so this user is not needed anymore.
---
 ipaserver/install/krbinstance.py | 13 -------------
 1 file changed, 13 deletions(-)
(limited to 'ipaserver/install/krbinstance.py')
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 838811b33..7f77fc1eb 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -49,8 +49,6 @@ import struct
 import certs
 from distutils import version
-KRBMKEY_DENY_ACI = '(targetattr = "krbMKey")(version 3.0; acl "No external access"; deny (read,write,search,compare) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)'
-
 def update_key_val_in_file(filename, key, val):
 if os.path.exists(filename):
 pattern = "^[\s#]*%s\s*=\s*%s\s*" % (re.escape(key), re.escape(val))
@@ -162,7 +160,6 @@ class KrbInstance(service.Service):
 self.__common_setup(realm_name, host_name, domain_name, admin_password)
- self.step("setting KDC account password", self.__configure_kdc_account_password)
 self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
 self.step("adding kerberos container to the directory", self.__add_krb_container)
 self.step("configuring KDC", self.__configure_instance)
@@ -226,16 +223,6 @@ class KrbInstance(service.Service):
 os.chmod("/var/kerberos/krb5kdc/kpasswd.keytab", 0600)
- def __configure_kdc_account_password(self):
- hexpwd = ''
- for x in self.kdc_password:
- hexpwd += (hex(ord(x))[2:])
- self.fstore.backup_file("/var/kerberos/krb5kdc/ldappwd")
- pwd_fd = open("/var/kerberos/krb5kdc/ldappwd", "w")
- pwd_fd.write("uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix+"#{HEX}"+hexpwd+"\n")
- pwd_fd.close()
- os.chmod("/var/kerberos/krb5kdc/ldappwd", 0600)
-
 def __enable(self):
 self.backup_state("enabled", self.is_enabled())
 # We do not let the system start IPA components on its own,
-- cgit