set preauth on kadmin/changepw otherwise the kpasswd can't acquire a ticket

author: Simo Sorce <ssorce@redhat.com> 2007-08-08 22:19:03 -0400
committer: Simo Sorce <ssorce@redhat.com> 2007-08-08 22:19:03 -0400
commit: c13bbdeb7a8492250d5e6308aadb2b593cc6a124 (patch)
tree: 7967cde9ac29a626fe17e68816a813ab98f4413c /ipa-server/ipaserver/krbinstance.py
parent: a50720e7d4979483c52081b4278046a354528dbf (diff)
download: freeipa.git-c13bbdeb7a8492250d5e6308aadb2b593cc6a124.tar.gz
freeipa.git-c13bbdeb7a8492250d5e6308aadb2b593cc6a124.tar.xz
freeipa.git-c13bbdeb7a8492250d5e6308aadb2b593cc6a124.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index 5a43617b..9d9d69be 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -175,3 +175,11 @@ class KrbInstance:
         cfg_fd.close()
 	pent = pwd.getpwnam(self.ds_user)
         os.chown("/etc/sysconfig/fedora-ds", pent.pw_uid, pent.pw_gid)
+
+    def __set_kadmin_changepw_preauth(self):
+        (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
+        kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
+        kwrite.flush()
+        kwrite.close()
+        kread.close()
+        kerr.close()
author	Simo Sorce <ssorce@redhat.com>	2007-08-08 22:19:03 -0400
committer	Simo Sorce <ssorce@redhat.com>	2007-08-08 22:19:03 -0400
commit	c13bbdeb7a8492250d5e6308aadb2b593cc6a124 (patch)
tree	7967cde9ac29a626fe17e68816a813ab98f4413c /ipa-server/ipaserver/krbinstance.py
parent	a50720e7d4979483c52081b4278046a354528dbf (diff)
download	freeipa.git-c13bbdeb7a8492250d5e6308aadb2b593cc6a124.tar.gz freeipa.git-c13bbdeb7a8492250d5e6308aadb2b593cc6a124.tar.xz freeipa.git-c13bbdeb7a8492250d5e6308aadb2b593cc6a124.zip