From edc7af1446af451ea5ed44420cceb05059a7b973 Mon Sep 17 00:00:00 2001
From: Karl MacMillan <kmacmill@redhat.com>
Date: Wed, 21 Nov 2007 23:28:25 -0500
Subject: Add xml-rpc interface for getting keytabs.

Warning: this lacks any sort of authorization.
---
 ipa-server/ipaserver/krbinstance.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'ipa-server/ipaserver/krbinstance.py')

diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index 84d67716..c83002f7 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -165,6 +165,7 @@ class KrbInstance(service.Service):
 
     def __copy_ldap_passwd(self, filename):
         shutil.copy(filename, "/var/kerberos/krb5kdc/ldappwd")
+        os.chmod("/var/kerberos/krb5kdc/ldappwd", 0600)
         
         
     def __configure_kdc_account_password(self):
@@ -175,6 +176,7 @@ class KrbInstance(service.Service):
         pwd_fd = open("/var/kerberos/krb5kdc/ldappwd", "w")
         pwd_fd.write("uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix+"#{HEX}"+hexpwd+"\n")
         pwd_fd.close()
+        os.chmod("/var/kerberos/krb5kdc/ldappwd", 0600)
 
     def __setup_sub_dict(self):
         self.sub_dict = dict(FQDN=self.fqdn,
-- 
cgit