summaryrefslogtreecommitdiffstats
path: root/install
diff options
context:
space:
mode:
authorAlexander Bokovoy <abokovoy@redhat.com>2012-10-08 13:27:16 +0300
committerRob Crittenden <rcritten@redhat.com>2012-10-09 18:15:25 -0400
commitc2a62b9433c6554c06ae28ce535c78f9a1fe7fb3 (patch)
tree2d858c46d649149f3a11a602c613700945537cfd /install
parent50e55b012ecf533c190536a364c72c961c070f9f (diff)
downloadfreeipa.git-c2a62b9433c6554c06ae28ce535c78f9a1fe7fb3.tar.gz
freeipa.git-c2a62b9433c6554c06ae28ce535c78f9a1fe7fb3.tar.xz
freeipa.git-c2a62b9433c6554c06ae28ce535c78f9a1fe7fb3.zip
Add cifs principal to S4U2Proxy targets only when running ipa-adtrust-install
Since CIFS principal is generated by ipa-adtrust-install and is only usable after setting CIFS configuration, there is no need to include it into default setup. This should fix upgrades from 2.2 to 3.0 where CIFS principal does not exist by default. https://fedorahosted.org/freeipa/ticket/3041
Diffstat (limited to 'install')
-rw-r--r--install/share/bootstrap-template.ldif1
-rw-r--r--install/share/replica-s4u2proxy.ldif6
-rw-r--r--install/updates/60-trusts.update4
-rw-r--r--install/updates/61-trusts-s4u2proxy.update9
4 files changed, 2 insertions, 18 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 24804e47..a17f2518 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -195,7 +195,6 @@ changetype: add
objectClass: groupOfPrincipals
objectClass: top
cn: ipa-cifs-delegation-targets
-memberPrincipal: cifs/$HOST@$REALM
dn: uid=admin,cn=users,cn=accounts,$SUFFIX
changetype: add
diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif
index 98de46fa..c7ced5ee 100644
--- a/install/share/replica-s4u2proxy.ldif
+++ b/install/share/replica-s4u2proxy.ldif
@@ -12,9 +12,3 @@ dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
changetype: modify
add: memberPrincipal
memberPrincipal: ldap/$FQDN@$REALM
-
-dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
-changetype: modify
-add: memberPrincipal
-memberPrincipal: cifs/$FQDN@$REALM
-
diff --git a/install/updates/60-trusts.update b/install/updates/60-trusts.update
index cc9a771d..bf2c58da 100644
--- a/install/updates/60-trusts.update
+++ b/install/updates/60-trusts.update
@@ -40,10 +40,6 @@ dn: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX
default: objectClass: GroupOfNames
default: objectClass: top
default: cn: adtrust agents
-default: member: krbprincipalname=cifs/$FQDN@$REALM,cn=services,cn=accounts,$SUFFIX
-
-dn: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX
-add: member: krbprincipalname=cifs/$FQDN@$REALM,cn=services,cn=accounts,$SUFFIX
dn: cn=trusts,$SUFFIX
default: objectClass: top
diff --git a/install/updates/61-trusts-s4u2proxy.update b/install/updates/61-trusts-s4u2proxy.update
index 4a71148b..7504a068 100644
--- a/install/updates/61-trusts-s4u2proxy.update
+++ b/install/updates/61-trusts-s4u2proxy.update
@@ -1,12 +1,7 @@
-dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX
-add: ipaAllowedTarget: 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX'
-
dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
default: objectClass: groupOfPrincipals
default: objectClass: top
default: cn: ipa-cifs-delegation-targets
-default: memberPrincipal: cifs/$FQDN@$REALM
-
-dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
-add: memberPrincipal: cifs/$FQDN@$REALM
+dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX
+add: ipaAllowedTarget: 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX'
generated by cgit (git 2.34.1) at 2024-05-09 07:37:21 +0000