diff options
author | Sumit Bose <sbose@redhat.com> | 2012-09-07 12:40:58 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-09-19 20:47:31 -0400 |
commit | d0f672c1312642fcba953041ed1acae6208e7a00 (patch) | |
tree | fcafa797786b9798b50f57f54084855847e3764d /ipaserver | |
parent | 0d31833317ccbcfc9b22e88e7c3ed5eaf0c5f154 (diff) | |
download | freeipa-d0f672c1312642fcba953041ed1acae6208e7a00.tar.gz freeipa-d0f672c1312642fcba953041ed1acae6208e7a00.tar.xz freeipa-d0f672c1312642fcba953041ed1acae6208e7a00.zip |
Update krb5.conf during ipa-adtrust-install
https://fedorahosted.org/freeipa/ticket/2515
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/adtrustinstance.py | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 078c54db..c4403775 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -36,8 +36,11 @@ from ipapython.ipa_log_manager import * from ipapython import services as ipaservices from ipapython.dn import DN +import ipaclient.ipachangeconf + import string import struct +import re ALLOWED_NETBIOS_CHARS = string.ascii_uppercase + string.digits @@ -100,6 +103,7 @@ class ADTRUSTInstance(service.Service): def __init__(self, fstore=None): self.fqdn = None self.ip_address = None + self.realm = None self.domain_name = None self.netbios_name = None self.no_msdcs = None @@ -410,6 +414,63 @@ class ADTRUSTInstance(service.Service): except: self.print_msg(SELINUX_WARNING % dict(var=','.join(sebools))) + def __mod_krb5_conf(self): + """ + Set dns_lookup_kdc to true and master_kdc in /etc/krb5.conf + """ + + if not self.fqdn or not self.realm: + self.print_msg("Cannot modify /etc/krb5.conf") + + krbconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer") + krbconf.setOptionAssignment(" = ") + krbconf.setSectionNameDelimiters(("[", "]")) + krbconf.setSubSectionDelimiters(("{", "}")) + krbconf.setIndent(("", " ", " ")) + + libopts = [{'name':'dns_lookup_kdc', 'type':'option', 'action':'set', + 'value':'true'}] + + master_kdc = self.fqdn + ":88" + kropts = [{'name':'master_kdc', 'type':'option', 'action':'set', + 'value':master_kdc}] + + ropts = [{'name':self.realm, 'type':'subsection', 'action':'set', + 'value':kropts}] + + opts = [{'name':'libdefaults', 'type':'section', 'action':'set', + 'value':libopts}, + {'name':'realms', 'type':'section', 'action':'set', + 'value':ropts}] + + krbconf.changeConf("/etc/krb5.conf", opts) + + def __update_krb5_conf(self): + """ + Update /etc/krb5.conf if needed + """ + + try: + krb5conf = open("/etc/krb5.conf", 'r') + except IOError, e: + self.print_msg("Cannot open /etc/krb5.conf (%s)\n" % str(e)) + return + + has_dns_lookup_kdc_true = False + for line in krb5conf: + if re.match("^\s*dns_lookup_kdc\s*=\s*[Tt][Rr][Uu][Ee]\s*$", line): + has_dns_lookup_kdc_true = True + break + krb5conf.close() + + if not has_dns_lookup_kdc_true: + self.__mod_krb5_conf() + else: + self.print_msg("'dns_lookup_kdc' already set to 'true', " + "nothing to do.") + + + def __start(self): try: self.start() @@ -541,6 +602,7 @@ class ADTRUSTInstance(service.Service): self.step("adding cifs Kerberos principal", self.__setup_principal) self.step("adding admin(group) SIDs", self.__add_admin_sids) self.step("adding RID bases", self.__add_rid_bases) + self.step("updating Kerberos config", self.__update_krb5_conf) self.step("activating CLDAP plugin", self.__add_cldap_module) self.step("activating sidgen plugin and task", self.__add_sidgen_module) self.step("activating extdom plugin", self.__add_extdom_module) |