ipa-client-install: create a temporary directory for ccache files

gssapi.Credentials instantiation in ipautil.kinit_keytab() raises 'Bad format
in credential cache' error when a name of an existing zero-length file is
passed as a ccache parameter. Use temporary directory instead and let GSSAPI
to create file-based ccache on demand.

https://fedorahosted.org/freeipa/ticket/5528

Reviewed-By: Tomas Babej <tbabej@redhat.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 9556cdec0..e9a7d45c3 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -2578,8 +2578,8 @@ def install(options, env, fstore, statestore):
                 root_logger.error("Test kerberos configuration failed")
                 return CLIENT_INSTALL_ERROR
             env['KRB5_CONFIG'] = krb_name
-            (ccache_fd, ccache_name) = tempfile.mkstemp()
-            os.close(ccache_fd)
+            ccache_dir = tempfile.mkdtemp(prefix='krbcc')
+            ccache_name = os.path.join(ccache_dir, 'ccache')
             join_args = [paths.SBIN_IPA_JOIN,
                          "-s", cli_server[0],
                          "-b", str(realm_to_suffix(cli_realm)),
@@ -2727,7 +2727,7 @@ def install(options, env, fstore, statestore):
             except OSError:
                 root_logger.error("Could not remove %s", krb_name)
             try:
-                os.remove(ccache_name)
+                os.rmdir(ccache_dir)
             except OSError:
                 pass
             try: