From f589cc1e267d6d7b67a6463b4495b7a9c982669f Mon Sep 17 00:00:00 2001 From: Matthew Harmsen Date: Sat, 28 Jul 2012 18:59:30 -0700 Subject: PKI Deployment Scriptlets * TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not" removing "/etc/sysconfig/{pki_instance_id}" . . . * TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for configuration . . . * TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and 'pkidestroy' . . . * TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of configured PKI instance . . . * TRAC Ticket #270 - Dogtag 10: Add missing parameters to 'pkideployment.cfg' . . . * TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client information . . . * TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7 "logging.properties" * TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive' dictionary * TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and 'pkideployment.cfg' files * TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet Issues . . . --- base/deploy/src/scriptlets/security_databases.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'base/deploy/src/scriptlets/security_databases.py') diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py index 8364d9519..73919ce5a 100644 --- a/base/deploy/src/scriptlets/security_databases.py +++ b/base/deploy/src/scriptlets/security_databases.py @@ -22,6 +22,7 @@ # PKI Deployment Imports import pkiconfig as config from pkiconfig import pki_master_dict as master +from pkiconfig import pki_sensitive_dict as sensitive import pkihelper as util import pkimessages as log import pkiscriptlet @@ -37,14 +38,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): if not config.pki_dry_run_flag: util.password.create_password_conf( master['pki_shared_password_conf'], - master['pki_pin']) + sensitive['pki_pin']) # Since 'certutil' does NOT strip the 'token=' portion of # the 'token=password' entries, create a temporary server 'pfile' # which ONLY contains the 'password' for the purposes of # allowing 'certutil' to generate the security databases util.password.create_password_conf( master['pki_shared_pfile'], - master['pki_pin'], pin_sans_token=True) + sensitive['pki_pin'], pin_sans_token=True) util.file.modify(master['pki_shared_password_conf']) util.certutil.create_security_databases( master['pki_database_path'], @@ -91,14 +92,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): else: util.password.create_password_conf( master['pki_shared_password_conf'], - master['pki_pin']) + sensitive['pki_pin']) # Since 'certutil' does NOT strip the 'token=' portion of # the 'token=password' entries, create a temporary server 'pfile' # which ONLY contains the 'password' for the purposes of # allowing 'certutil' to generate the security databases util.password.create_password_conf( master['pki_shared_pfile'], - master['pki_pin'], pin_sans_token=True) + sensitive['pki_pin'], pin_sans_token=True) util.certutil.create_security_databases( master['pki_database_path'], master['pki_cert_database'], -- cgit