author | Simo Sorce <ssorce@redhat.com> | 2007-08-01 15:58:52 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2007-08-01 15:58:52 -0400 |
commit | fbfee8231722f0f3168dcfa3da2b804ca7c6a5e2 (patch) | |
tree | f14bba0066a9b63e3cd01e7cbecaa99c88dfc6f9 | |
parent | 96d292b7351bd7db0d402e3a393386889e3d79d8 (diff) | |
Try to fix dir layout and recover missing files
-rw-r--r-- | ipa-install/README | 21 | ||||
-rw-r--r-- | ipa-install/share/krb5.conf.template | 42 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/bind.zone.db.template (renamed from ipa-install/share/bind.zone.db.template) | 0 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/fedora-ds.init.patch (renamed from ipa-install/share/fedora-ds.init.patch) | 0 | ||||
-rw-r--r-- | ipa-server/ipaserver/krbinstance.py | 26 |
5 files changed, 10 insertions, 79 deletions
diff --git a/ipa-install/README b/ipa-install/README
deleted file mode 100644
index 31e7375f..00000000
--- a/ipa-install/README
+++ /dev/null
@@ -1,21 +0,0 @@
-
-Required packages:
-
-krb5-server
-fedora-ds-base
-openldap-clients
-krb5-server-ldap
-cyrus-sasl-gssapi
-
-
-Installation example:
-
-TEMPORARY: (until fedora ds scripts are fixed)
-please use the fedora-ds.init.patch under share/ to patch your init scripts before
-running ipa-server-install
-
-cd ipa-install
-make install
-cd ..
-/usr/sbin/ipa-server-install -u fds -r FREEIPA.ORG -p freeipa -m ipafree
-
diff --git a/ipa-install/share/krb5.conf.template b/ipa-install/share/krb5.conf.template
deleted file mode 100644
index 23a24703..00000000
--- a/ipa-install/share/krb5.conf.template
+++ /dev/null
@@ -1,42 +0,0 @@
-[logging]
- default = FILE:/var/log/krb5libs.log
- kdc = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
-
-[libdefaults]
- default_realm = $REALM
- dns_lookup_realm = true
- dns_lookup_kdc = true
- ticket_lifetime = 24h
- forwardable = yes
-
-[realms]
- $REALM = {
- kdc = $FQDN:88
- admin_server = $FQDN:749
- default_domain = $DOMAIN
-}
-
-[domain_realm]
- .$DOMAIN = $REALM
- $DOMAIN = $REALM
-
-[appdefaults]
- pam = {
- debug = false
- ticket_lifetime = 36000
- renew_lifetime = 36000
- forwardable = true
- krb4_convert = false
- }
-
-[dbmodules]
- $REALM = {
- db_library = kldap
- ldap_servers = ldap://127.0.0.1/
- ldap_kerberos_container_dn = cn=kerberos,$SUFFIX
- ldap_kdc_dn = uid=kdc,cn=kerberos,$SUFFIX
- ldap_kadmind_dn = uid=kdc,cn=kerberos,$SUFFIX
- ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd
- }
-
diff --git a/ipa-install/share/bind.zone.db.template b/ipa-server/ipa-install/share/bind.zone.db.template
index e846c4f2..e846c4f2 100644
--- a/ipa-install/share/bind.zone.db.template
+++ b/ipa-server/ipa-install/share/bind.zone.db.template
diff --git a/ipa-install/share/fedora-ds.init.patch b/ipa-server/ipa-install/share/fedora-ds.init.patch
index 88a04fc2..88a04fc2 100644
--- a/ipa-install/share/fedora-ds.init.patch
+++ b/ipa-server/ipa-install/share/fedora-ds.init.patch
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index 131eee35..5a43617b 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -28,13 +28,7 @@ from time import gmtime
 import os
 import pwd
 import socket
-
-SHARE_DIR = "/usr/share/ipa/"
-
-def realm_to_suffix(realm_name):
- s = realm_name.split(".")
- terms = ["dc=" + x.lower() for x in s]
- return ",".join(terms)
+from util import *
 def host_to_domain(fqdn):
 s = fqdn.split(".")
@@ -149,15 +143,15 @@ class KrbInstance:
 # TODO: NOT called yet, need to find out how to make sure the plugin is available first
 def __add_pwd_extop_module(self):
- #add the password extop module
- extop_txt = template_file(SHARE_DIR + "ipapwd_extop_plugin.ldif", self.sub_dict)
- extop_fd = write_tmp_file(extop_txt)
- ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password)
- extop_fd.close()
-
- #add an ACL to let the DS user read the master key
- args = ["/usr/bin/setfacl", "-m", "u:"+self.ds_user+":r", "/var/kerberos/krb5kdc/.k5."+self.realm]
- run(args)
+ #add the password extop module
+ extop_txt = template_file(SHARE_DIR + "ipapwd_extop_plugin.ldif", self.sub_dict)
+ extop_fd = write_tmp_file(extop_txt)
+ ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password)
+ extop_fd.close()
+
+ #add an ACL to let the DS user read the master key
+ args = ["/usr/bin/setfacl", "-m", "u:"+self.ds_user+":r", "/var/kerberos/krb5kdc/.k5."+self.realm]
+ run(args)
 def __create_sample_bind_zone(self):
 bind_txt = template_file(SHARE_DIR + "bind.zone.db.template", self.sub_dict)
|
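Review bot: `from util import *` in the first krbinstance.py hunk now has to supply `SHARE_DIR` and `realm_to_suffix`, whose definitions the same hunk removes, but `util` is not among the five files in the diffstat, so this page cannot confirm that it defines them. The wildcard also hides where the helpers called in the second hunk (`template_file`, `write_tmp_file`, `ldap_mod`, `run`) come from; presumably that is `util` as well. A bare `util` resolves to whichever module of that name comes first on `sys.path`, which matters in code that passes `self.admin_password` to `ldap_mod` and grants an ACL on the KDC master key file. I would name the imports instead, for example `from util import SHARE_DIR, realm_to_suffix, template_file, write_tmp_file, ldap_mod, run` (trimmed to what `util` really exports), so a missing or shadowed name fails at import time rather than partway through setup. Both hunks stop before their enclosing definitions end, so uses of `realm_to_suffix` elsewhere in the file are not visible here.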