diff options
| author | Simo Sorce <ssorce@redhat.com> | 2007-06-29 11:30:10 -0400 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2007-06-29 11:30:10 -0400 |
| commit | 26feac8e080cfa241a10b9f6ff7b8e5fee68b8de (patch) | |
| tree | dccadcb3c0f708d01ebef3a26d7f95c72b324a0c /ipa-install/src/ipa/krbinstance.py | |
| parent | 820479471ef75c3b5da59c2046f56022059b8b06 (diff) | |
| download | freeipa.git-26feac8e080cfa241a10b9f6ff7b8e5fee68b8de.tar.gz freeipa.git-26feac8e080cfa241a10b9f6ff7b8e5fee68b8de.tar.xz freeipa.git-26feac8e080cfa241a10b9f6ff7b8e5fee68b8de.zip | |
First working version
Diffstat (limited to 'ipa-install/src/ipa/krbinstance.py')
| -rw-r--r-- | ipa-install/src/ipa/krbinstance.py | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/ipa-install/src/ipa/krbinstance.py b/ipa-install/src/ipa/krbinstance.py index 59eb2cef..1b0a8d63 100644 --- a/ipa-install/src/ipa/krbinstance.py +++ b/ipa-install/src/ipa/krbinstance.py @@ -30,7 +30,7 @@ SHARE_DIR = "/usr/share/ipa/" def realm_to_suffix(realm_name): s = realm_name.split(".") - terms = ["dc=" + x for x in s] + terms = ["dc=" + x.lower() for x in s] return ",".join(terms) def generate_kdc_password(): @@ -38,7 +38,8 @@ def generate_kdc_password(): r = Random() r.seed(gmtime()) for x in range(12): - rndpwd += chr(r.randint(32,126)) +# rndpwd += chr(r.randint(32,126)) + rndpwd += chr(r.randint(65,90)) #stricter set for testing return rndpwd def template_str(txt, vars): @@ -82,18 +83,21 @@ class KrbInstance: self.sub_dict = None def create_instance(self, realm_name, host_name, admin_password, master_password): - self.realm_name = realm_name + self.realm_name = realm_name.upper() self.host_name = host_name self.admin_password = admin_password self.master_password = master_password self.suffix = realm_to_suffix(self.realm_name) self.kdc_password = generate_kdc_password() + self.__configure_kdc_account_password() self.__setup_sub_dict() self.__configure_ldap() + self.__create_instance() + self.start() def stop(self): @@ -111,12 +115,15 @@ class KrbInstance: hexpwd += (hex(ord(x))[2:]) pwd_fd = open("/var/kerberos/krb5kdc/ldappwd", "a+") pwd_fd.write("uid=kdc,cn=kerberos,"+self.suffix+"#{HEX}"+hexpwd+"\n") + pwd_fd.write("#test:"+self.kdc_password+"\n") pwd_fd.close() def __setup_sub_dict(self): + #FIXME: can DOMAIN be different than REALM ? self.sub_dict = dict(FQHN=self.host_name, PASSWORD=self.kdc_password, SUFFIX=self.suffix, + DOMAIN= self.realm_name.lower(), REALM=self.realm_name) def __configure_ldap(self): @@ -125,17 +132,13 @@ class KrbInstance: kerberos_txt = template_file(SHARE_DIR + "kerberos.ldif", self.sub_dict) kerberos_fd = write_tmp_file(kerberos_txt) ldap_mod(kerberos_fd, "cn=Directory Manager", self.admin_password) - name = kerberos_fd.name kerberos_fd.close() - os.unlink(name) #Change the default ACL to avoid anonimous access to kerberos keys and othe hashes - aci_txt = template_file(SHARE_DIR + "default_aci.ldif", self.sub_dict) + aci_txt = template_file(SHARE_DIR + "default-aci.ldif", self.sub_dict) aci_fd = write_tmp_file(aci_txt) ldap_mod(aci_fd, "cn=Directory Manager", self.admin_password) - name = aci_fd.name aci_fd.close() - os.unlink(name) def __create_instance(self): kdc_conf = template_file(SHARE_DIR+"kdc.conf.template", self.sub_dict) @@ -149,5 +152,5 @@ class KrbInstance: krb5_fd.close() #populate the directory with the realm structure - args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=kerberos,"+self.suffix, "create", "-s", "-r", self.realm_name, "-subtrees", self.suffix, "-sscope", "sub"] + args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=kerberos,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-r", self.realm_name, "-subtrees", self.suffix, "-sscope", "sub"] run(args) |