authorSumit Bose <sbose@redhat.com>2012-09-07 12:40:58 +0200
committerRob Crittenden <rcritten@redhat.com>2012-09-19 20:47:31 -0400
commitd0f672c1312642fcba953041ed1acae6208e7a00 (patch)
treefcafa797786b9798b50f57f54084855847e3764d /ipaserver
parent0d31833317ccbcfc9b22e88e7c3ed5eaf0c5f154 (diff)
Update krb5.conf during ipa-adtrust-install
https://fedorahosted.org/freeipa/ticket/2515
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/adtrustinstance.py62
1 files changed, 62 insertions, 0 deletions
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index 078c54db..c4403775 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -36,8 +36,11 @@ from ipapython.ipa_log_manager import *
from ipapython import services as ipaservices
from ipapython.dn import DN
+import ipaclient.ipachangeconf
+
import string
import struct
+import re
ALLOWED_NETBIOS_CHARS = string.ascii_uppercase + string.digits
@@ -100,6 +103,7 @@ class ADTRUSTInstance(service.Service):
def __init__(self, fstore=None):
self.fqdn = None
self.ip_address = None
+ self.realm = None
self.domain_name = None
self.netbios_name = None
self.no_msdcs = None
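Review bot: `self.realm` is initialised to None here, but none of the visible hunks assigns it a value, while the new `__mod_krb5_conf` checks it before touching krb5.conf. The setup method is outside this diff, so if the realm is stored there under a different attribute name, the realm subsection would be built from None. It is worth confirming that setup assigns `self.realm`, or pointing the new code at the attribute that already holds the realm.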
@@ -410,6 +414,63 @@ class ADTRUSTInstance(service.Service):
except:
self.print_msg(SELINUX_WARNING % dict(var=','.join(sebools)))
+ def __mod_krb5_conf(self):
+ """
+ Set dns_lookup_kdc to true and master_kdc in /etc/krb5.conf
+ """
+
+ if not self.fqdn or not self.realm:
+ self.print_msg("Cannot modify /etc/krb5.conf")
+
+ krbconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
+ krbconf.setOptionAssignment(" = ")
+ krbconf.setSectionNameDelimiters(("[", "]"))
+ krbconf.setSubSectionDelimiters(("{", "}"))
+ krbconf.setIndent(("", " ", " "))
+
+ libopts = [{'name':'dns_lookup_kdc', 'type':'option', 'action':'set',
+ 'value':'true'}]
+
+ master_kdc = self.fqdn + ":88"
+ kropts = [{'name':'master_kdc', 'type':'option', 'action':'set',
+ 'value':master_kdc}]
+
+ ropts = [{'name':self.realm, 'type':'subsection', 'action':'set',
+ 'value':kropts}]
+
+ opts = [{'name':'libdefaults', 'type':'section', 'action':'set',
+ 'value':libopts},
+ {'name':'realms', 'type':'section', 'action':'set',
+ 'value':ropts}]
+
+ krbconf.changeConf("/etc/krb5.conf", opts)
+
+ def __update_krb5_conf(self):
+ """
+ Update /etc/krb5.conf if needed
+ """
+
+ try:
+ krb5conf = open("/etc/krb5.conf", 'r')
+ except IOError, e:
+ self.print_msg("Cannot open /etc/krb5.conf (%s)\n" % str(e))
+ return
+
+ has_dns_lookup_kdc_true = False
+ for line in krb5conf:
+ if re.match("^\s*dns_lookup_kdc\s*=\s*[Tt][Rr][Uu][Ee]\s*$", line):
+ has_dns_lookup_kdc_true = True
+ break
+ krb5conf.close()
+
+ if not has_dns_lookup_kdc_true:
+ self.__mod_krb5_conf()
+ else:
+ self.print_msg("'dns_lookup_kdc' already set to 'true', "
+ "nothing to do.")
+
+
+
def __start(self):
try:
self.start()
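Review bot: The guard at the top of `__mod_krb5_conf` prints "Cannot modify /etc/krb5.conf" but does not return, so with `self.fqdn` or `self.realm` unset execution still reaches `self.fqdn + ":88"` and `changeConf`, which either raises a TypeError or writes a realm subsection built from an empty value; add `return` directly after the `print_msg` call. In `__update_krb5_conf`, `master_kdc` is only written when no `dns_lookup_kdc = true` line is found, so a host that already has the lookup enabled never gets the `master_kdc` entry the docstring promises; if both settings matter, check them independently. The regex also matches the option in any section of the file rather than only under `[libdefaults]`, and would read more clearly as a raw string with `re.IGNORECASE`. Both new methods are complete within this hunk.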
@@ -541,6 +602,7 @@ class ADTRUSTInstance(service.Service):
self.step("adding cifs Kerberos principal", self.__setup_principal)
self.step("adding admin(group) SIDs", self.__add_admin_sids)
self.step("adding RID bases", self.__add_rid_bases)
+ self.step("updating Kerberos config", self.__update_krb5_conf)
self.step("activating CLDAP plugin", self.__add_cldap_module)
self.step("activating sidgen plugin and task", self.__add_sidgen_module)
self.step("activating extdom plugin", self.__add_extdom_module)
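Review bot: The new "updating Kerberos config" step cannot fail visibly, because `__update_krb5_conf` reports an unreadable /etc/krb5.conf or an unset fqdn/realm only through `print_msg` and then returns normally, so the installer treats the step as done even when nothing was written. Consider also recording the condition in the install log at error level, for example `root_logger.error("krb5.conf not updated: %s", e)`, assuming `root_logger` comes in through the `ipa_log_manager` star import. That gives an administrator debugging a failed trust something to find afterwards. The step list continues outside this hunk.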