author | Mark McLoughlin <markmc@redhat.com> | 2007-12-18 18:03:34 +0000 |
---|---|---|
committer | Mark McLoughlin <markmc@redhat.com> | 2007-12-18 18:03:34 +0000 |
commit | 42f4b72c16252cb2439d1132a25f85ca1a44bd15 (patch) | |
tree | 7dbe80627c4e43e80d2d19d1db01da57200bc665 /ipa-server/ipaserver/httpinstance.py | |
parent | a6d852392138d2911cdaf98f8df22bc140b00888 (diff) | |
Refactor keytab creation
There are a few places where we spawn off kadmin to add/modify
principals and create keytabs.
Refactor all that code into installutils.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Diffstat (limited to 'ipa-server/ipaserver/httpinstance.py')
-rw-r--r-- | ipa-server/ipaserver/httpinstance.py | 26 |
1 files changed, 3 insertions, 23 deletions
diff --git a/ipa-server/ipaserver/httpinstance.py b/ipa-server/ipaserver/httpinstance.py
index d0329cca..4f8946b4 100644
--- a/ipa-server/ipaserver/httpinstance.py
+++ b/ipa-server/ipaserver/httpinstance.py
@@ -26,7 +26,6 @@ import logging
 import pwd
 import fileinput
 import sys
-import time
 import shutil
 import service
@@ -88,28 +87,9 @@ class HTTPInstance(service.Service):
 self.print_msg(selinux_warning)
 def __create_http_keytab(self):
- try:
- if ipautil.file_exists("/etc/httpd/conf/ipa.keytab"):
- os.remove("/etc/httpd/conf/ipa.keytab")
- except os.error:
- print "Failed to remove /etc/httpd/conf/ipa.keytab."
- (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
- kwrite.write("addprinc -randkey HTTP/"+self.fqdn+"@"+self.realm+"\n")
- kwrite.flush()
- kwrite.write("ktadd -k /etc/httpd/conf/ipa.keytab HTTP/"+self.fqdn+"@"+self.realm+"\n")
- kwrite.flush()
- kwrite.close()
- kread.close()
- kerr.close()
-
- # give kadmin time to actually write the file before we go on
- retry = 0
- while not ipautil.file_exists("/etc/httpd/conf/ipa.keytab"):
- time.sleep(1)
- retry += 1
- if retry > 15:
- print "Error timed out waiting for kadmin to finish operations\n"
- sys.exit(1)
+ http_principal = "HTTP/" + self.fqdn + "@" + self.realm
+ installutils.kadmin_addprinc(http_principal)
+ installutils.create_keytab("/etc/httpd/conf/ipa.keytab", http_principal)
 pent = pwd.getpwnam("apache")
 os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid) |
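Review bot: After `installutils.create_keytab(...)` in `__create_http_keytab`, the only protection visibly applied to `/etc/httpd/conf/ipa.keytab` is the `os.chown` to apache, so the file's mode is left to whatever the helper and the umask produce, and this file holds the HTTP service's long-term Kerberos keys. Unless `create_keytab` (not shown in this hunk) already restricts it, I would add `os.chmod("/etc/httpd/conf/ipa.keytab", 0600)` next to the chown. The removed code also deleted any stale keytab first and exited if the file never appeared; whether the helpers keep both behaviours cannot be seen here, so a comment such as `# create_keytab removes any old keytab and raises on failure` (if that is true) would help, since otherwise a failed kadmin run would surface only as an OSError from `os.chown`. The body of `__create_http_keytab` may continue past the last context line.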