author | Simo Sorce <ssorce@redhat.com> | 2011-07-19 20:04:46 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2011-08-26 08:24:50 -0400 |
commit | 8cb2aee626e7be3e9cde7195dabfebb3cc34cb6a (patch) | |
tree | 752225c103fa54f4bbc48190e875f54094a2bcbf /ipaserver/install | |
parent | 195a65d5c2b2f2a318225a94e734ec41cdc34b1d (diff) | |
install: Remove uid=kdc user
The ipadb DAL driver gets access to the ldap server as Directory Manager now so
this user is not needed anymore.
Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/krbinstance.py | 13 |
1 files changed, 0 insertions, 13 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 838811b3..7f77fc1e 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -49,8 +49,6 @@ import struct
 import certs
 from distutils import version
-KRBMKEY_DENY_ACI = '(targetattr = "krbMKey")(version 3.0; acl "No external access"; deny (read,write,search,compare) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)'
-
 def update_key_val_in_file(filename, key, val):
 if os.path.exists(filename):
 pattern = "^[\s#]*%s\s*=\s*%s\s*" % (re.escape(key), re.escape(val))
@@ -162,7 +160,6 @@ class KrbInstance(service.Service):
 self.__common_setup(realm_name, host_name, domain_name, admin_password)
- self.step("setting KDC account password", self.__configure_kdc_account_password)
 self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
 self.step("adding kerberos container to the directory", self.__add_krb_container)
 self.step("configuring KDC", self.__configure_instance)
@@ -226,16 +223,6 @@ class KrbInstance(service.Service):
 os.chmod("/var/kerberos/krb5kdc/kpasswd.keytab", 0600)
- def __configure_kdc_account_password(self):
- hexpwd = ''
- for x in self.kdc_password:
- hexpwd += (hex(ord(x))[2:])
- self.fstore.backup_file("/var/kerberos/krb5kdc/ldappwd")
- pwd_fd = open("/var/kerberos/krb5kdc/ldappwd", "w")
- pwd_fd.write("uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix+"#{HEX}"+hexpwd+"\n")
- pwd_fd.close()
- os.chmod("/var/kerberos/krb5kdc/ldappwd", 0600)
-
 def __enable(self):
 self.backup_state("enabled", self.is_enabled())
 # We do not let the system start IPA components on its own, |