From 68d5fe1ec7d785f127b3513f84cc632cdb1f9167 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Fri, 13 Jul 2012 18:12:48 +0300
Subject: Ensure ipa-adtrust-install is run with Kerberos ticket for admin user When setting up AD trusts support, ipa-adtrust-install utility needs to be run as: - root, for performing Samba configuration and using LDAPI/autobind - kinit-ed IPA admin user, to ensure proper ACIs are granted to fetch keytab As result, we can get rid of Directory Manager credentials in ipa-adtrust-install https://fedorahosted.org/freeipa/ticket/2815
---
 ipaserver/install/krbinstance.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'ipaserver/install/krbinstance.py')
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 2faf8e19..8cc50fba 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -178,7 +178,7 @@ class KrbInstance(service.Service):
 self.start_creation("Configuring Kerberos KDC", 30)
 self.kpasswd = KpasswdInstance()
- self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix)
+ self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix, realm=self.realm)
 def create_replica(self, realm_name, master_fqdn, host_name,
-- cgit
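Review bot: The added `realm=self.realm` on the `self.kpasswd.create_instance(...)` call carries no comment, and the commit message talks about ipa-adtrust-install rather than the KDC setup path, so a reader of krbinstance.py cannot tell why kpasswd now needs the realm. A short comment above the call would tie it to the ticket, for example `# ticket 2815: pass the Kerberos realm explicitly to create_instance`. The signature of `create_instance` is not on this page (the view is limited to krbinstance.py), so it is worth confirming there that a missing or `None` realm is rejected rather than silently accepted, since other service installers presumably call the same method. The enclosing method starts above the hunk.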