authorMartin Basti <mbasti@redhat.com>2015-09-01 16:17:16 +0200
committerMartin Basti <mbasti@redhat.com>2015-09-03 18:15:58 +0200
commite7a876d88a0ed07de69d9654ebdbf8ebb7bda364 (patch)
treeb2aa24ee8f4de50d29821dc032acd540807bad1b
parentb6435f2cc6fb803869776c57c7bc9b8ebffd92fd (diff)
DNSSEC: remove ccache and keytab of ipa-ods-exporter
Reusing an old ccache after reinstall causes an authentication error and prevents DNSSEC from working. Related to ticket: https://fedorahosted.org/freeipa/ticket/5273 Reviewed-By: Petr Spacek <pspacek@redhat.com>
-rwxr-xr-xdaemons/dnssec/ipa-ods-exporter2
-rw-r--r--ipaplatform/base/paths.py1
-rw-r--r--ipaserver/install/odsexporterinstance.py7
3 files changed, 9 insertions, 1 deletions
diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index 4c7de851b..49be502d2 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -483,7 +483,7 @@ ipalib.api.finalize()
# Kerberos initialization
PRINCIPAL = str('%s/%s' % (DAEMONNAME, ipalib.api.env.host))
log.debug('Kerberos principal: %s', PRINCIPAL)
-ccache_name = os.path.join(WORKDIR, 'ipa-ods-exporter.ccache')
+ccache_name = paths.IPA_ODS_EXPORTER_CCACHE
try:
ipautil.kinit_keytab(PRINCIPAL, paths.IPA_ODS_EXPORTER_KEYTAB, ccache_name,
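Review bot: `ccache_name` is no longer derived from `WORKDIR`, so the daemon now depends on the directory in `paths.IPA_ODS_EXPORTER_CCACHE` existing and being writable by the account it runs as. The value of `WORKDIR` is not visible here, so if it points somewhere else the `kinit_keytab` call could fail at startup. A comment above the assignment, such as `# fixed location shared with the installer, which deletes it on reinstall`, would record why the path is no longer relative to the working directory. The `kinit_keytab(...)` call continues outside the hunk.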
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 5c8f25d6e..a407c1273 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -333,6 +333,7 @@ class BasePathNamespace(object):
NAMED_RUN = "/var/named/data/named.run"
VAR_OPENDNSSEC_DIR = "/var/opendnssec"
OPENDNSSEC_KASP_DB = "/var/opendnssec/kasp.db"
+ IPA_ODS_EXPORTER_CCACHE = "/var/opendnssec/tmp/ipa-ods-exporter.ccache"
VAR_RUN_DIRSRV_DIR = "/var/run/dirsrv"
KRB5CC_HTTPD = "/var/run/httpd/ipa/krbcache/krb5ccache"
IPA_RENEWAL_LOCK = "/var/run/ipa/renewal.lock"
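Review bot: The new `IPA_ODS_EXPORTER_CCACHE` puts a Kerberos credential cache at a fixed file name under a directory called `tmp`, and nothing in this commit shows who may write to that directory. A ccache holds usable tickets for the exporter principal until they expire. It is worth confirming that `/var/opendnssec/tmp` is owned by the ODS service account and is not group- or world-writable, so that no other local user can read, pre-create or replace the file.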
diff --git a/ipaserver/install/odsexporterinstance.py b/ipaserver/install/odsexporterinstance.py
index 20ba4fbd4..e9ba51027 100644
--- a/ipaserver/install/odsexporterinstance.py
+++ b/ipaserver/install/odsexporterinstance.py
@@ -93,6 +93,13 @@ class ODSExporterInstance(service.Service):
def __setup_principal(self):
assert self.ods_uid is not None
+
+ for f in [paths.IPA_ODS_EXPORTER_CCACHE, paths.IPA_ODS_EXPORTER_KEYTAB]:
+ try:
+ os.remove(f)
+ except OSError:
+ pass
+
dns_exporter_principal = "ipa-ods-exporter/" + self.fqdn + "@" + self.realm
installutils.kadmin_addprinc(dns_exporter_principal)
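Review bot: The `except OSError: pass` in the new cleanup loop ignores every failure, not only a missing file. If the old ccache or keytab cannot be removed (permissions, or the path is a directory), the install carries on with the stale credential and the authentication error this commit targets can recur without a trace. Ignore only the not-found case with `except OSError as e:` followed by `if e.errno != errno.ENOENT: raise`, or at least log the error. This needs `errno` imported, and the file's imports are outside the hunk. `__setup_principal` continues past the hunk, so the later keytab handling is not visible here.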