diff options
author | Martin Kosek <mkosek@redhat.com> | 2013-01-31 17:18:35 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-02-01 08:13:50 +0100 |
commit | 893064f6132a9cbcfa35f6eca8964c69caad533e (patch) | |
tree | 25a270b1bfe0e079911d58fc97d369729eba0bed /install | |
parent | 3ad8d7c1fb1e65de8d88c494ca75a8c5c283a472 (diff) | |
download | freeipa-893064f6132a9cbcfa35f6eca8964c69caad533e.tar.gz freeipa-893064f6132a9cbcfa35f6eca8964c69caad533e.tar.xz freeipa-893064f6132a9cbcfa35f6eca8964c69caad533e.zip |
Use fully qualified CCACHE names
Some parts of install scripts used only ccache name as returned by
krbV.CCache.name attribute. However, when this name is used again
to initialize krbV.CCache object or when it is used in KRB5CCNAME
environmental variable, it fails for new DIR type of CCACHE.
We should always use both CCACHE type and name when referring to
them to avoid these crashes. ldap2 backend was also updated to
accept directly krbV.CCache object which contains everything we need
to authenticate with ccache.
https://fedorahosted.org/freeipa/ticket/3381
Diffstat (limited to 'install')
-rwxr-xr-x | install/tools/ipa-adtrust-install | 2 | ||||
-rwxr-xr-x | install/tools/ipa-dns-install | 2 | ||||
-rwxr-xr-x | install/tools/ipa-replica-manage | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 17f2f0e98..6985bba27 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -299,7 +299,7 @@ def main(): sys.exit("Must have Kerberos credentials to setup AD trusts on server") try: - api.Backend.ldap2.connect(ccache.name) + api.Backend.ldap2.connect(ccache) except errors.ACIError, e: sys.exit("Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket") except errors.DatabaseError, e: diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 71592d489..2ab90b648 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -205,7 +205,7 @@ def main(): api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=bind.dm_password) else: # See if our LDAP server is up and we can talk to it over GSSAPI - ccache = krbV.default_context().default_ccache().name + ccache = krbV.default_context().default_ccache() api.Backend.ldap2.connect(ccache) if options.reverse_zone: diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 242289108..0dad14319 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -667,7 +667,7 @@ def del_master(realm, hostname, options): api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=options.dirman_passwd) else: - ccache = krbV.default_context().default_ccache().name + ccache = krbV.default_context().default_ccache() api.Backend.ldap2.connect(ccache=ccache) bind = bindinstance.BindInstance() bind.remove_master_dns_records(hostname, realm, realm.lower()) |