diff options
Diffstat (limited to 'base/server/python/pki/server/deployment/scriptlets/configuration.py')
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index fc5dc84c4..17ca83681 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -54,38 +54,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - # Place "slightly" less restrictive permissions on - # the top-level client directory ONLY - deployer.directory.create( - deployer.mdict['pki_client_subsystem_dir'], - uid=0, gid=0, - perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS) - # Since 'certutil' does NOT strip the 'token=' portion of - # the 'token=password' entries, create a client password file - # which ONLY contains the 'password' for the purposes of - # allowing 'certutil' to generate the security databases - deployer.password.create_password_conf( - deployer.mdict['pki_client_password_conf'], - deployer.mdict['pki_client_database_password'], pin_sans_token=True) - deployer.file.modify( - deployer.mdict['pki_client_password_conf'], - uid=0, gid=0) - # Similarly, create a simple password file containing the - # PKCS #12 password used when exporting the "Admin Certificate" - # into a PKCS #12 file - deployer.password.create_client_pkcs12_password_conf( - deployer.mdict['pki_client_pkcs12_password_conf']) - deployer.file.modify(deployer.mdict['pki_client_pkcs12_password_conf']) - deployer.directory.create( - deployer.mdict['pki_client_database_dir'], - uid=0, gid=0) - deployer.certutil.create_security_databases( - deployer.mdict['pki_client_database_dir'], - deployer.mdict['pki_client_cert_database'], - deployer.mdict['pki_client_key_database'], - deployer.mdict['pki_client_secmod_database'], - password_file=deployer.mdict['pki_client_password_conf']) - instance = pki.server.PKIInstance(deployer.mdict['pki_instance_name']) instance.load() |