diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2015-05-06 16:19:19 -0400 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2015-05-11 10:20:04 -0400 |
| commit | 6ee510efe491b1e2afd7e9901eee690365fd8bbb (patch) | |
| tree | d7c07b1380f92589adba578dff810744b17cbe52 /base/server/python/pki/server | |
| parent | 7dca020819b7573cd05bd54482fb5d1afe9bb658 (diff) | |
| download | pki-6ee510efe491b1e2afd7e9901eee690365fd8bbb.tar.gz pki-6ee510efe491b1e2afd7e9901eee690365fd8bbb.tar.xz pki-6ee510efe491b1e2afd7e9901eee690365fd8bbb.zip | |
Added options for internal token and replication passwords.
The installation code has been modified such that the admin can
optionally specify passwords for internal token and replication.
Otherwise the code will generate random passwords like before.
https://fedorahosted.org/pki/ticket/1354
Diffstat (limited to 'base/server/python/pki/server')
| -rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 2 | ||||
| -rw-r--r-- | base/server/python/pki/server/deployment/pkiparser.py | 22 |
2 files changed, 18 insertions, 6 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 1521ef339..5527d7f94 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -3821,6 +3821,8 @@ class ConfigClient: if not self.clone: self.set_admin_parameters(data) + data.replicationPassword = self.mdict['pki_replication_password'] + # Issuing CA Information self.set_issuing_ca_parameters(data) diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index 39cef9413..fe1a54a3a 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -327,10 +327,14 @@ class PKIConfigParser: # means that we need to deal with escaping '%' characters # that might be present. no_interpolation = ( - 'pki_admin_password', 'pki_backup_password', + 'pki_admin_password', + 'pki_backup_password', 'pki_client_database_password', 'pki_client_pkcs12_password', - 'pki_ds_password', 'pki_security_domain_password') + 'pki_ds_password', + 'pki_pin', + 'pki_replicationdb_password', + 'pki_security_domain_password') print 'Loading deployment configuration from ' + \ config.user_deployment_cfg + '.' @@ -552,18 +556,24 @@ class PKIConfigParser: self.mdict['pki_user_deployment_cfg'] = config.user_deployment_cfg self.mdict['pki_deployed_instance_name'] = \ config.pki_deployed_instance_name + + self.flatten_master_dict() + # Generate random 'pin's for use as security database passwords # and add these to the "sensitive" key value pairs read in from # the configuration file pin_low = 100000000000 pin_high = 999999999999 - self.mdict['pki_pin'] = \ - random.randint(pin_low, pin_high) + + # use user-provided PIN if specified + if not self.mdict['pki_pin']: + # otherwise generate a random password + self.mdict['pki_pin'] = \ + random.randint(pin_low, pin_high) + self.mdict['pki_client_pin'] = \ random.randint(pin_low, pin_high) - self.flatten_master_dict() - pkilogging.sensitive_parameters = \ self.mdict['sensitive_parameters'].split() |