Adopted kinit_keytab and kinit_password for kerberos auth

Calls to ipautil.run using kinit were replaced with calls kinit_keytab/kinit_password functions implemented in the PATCH 0015. Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
author: Martin Babinsky <mbabinsk@redhat.com> 2015-03-16 16:43:10 +0100
committer: Jan Cholasta <jcholast@redhat.com> 2015-04-20 08:27:35 +0000
commit: 3d2feac0e416c66ba37eee53ef5b3833c2c3e414 (patch)
tree: 77d8907c8dbba8db76db3cac3b9be09ffc970f01 /install/restart_scripts/renew_ca_cert
parent: a8e30e96716992e4160abdb7ac5995bb75e54eae (diff)
download: freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.gz
freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.xz
freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index c7bd5d74c..95205e448 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -21,6 +21,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import sys
+import os
 import syslog
 import tempfile
 import shutil
@@ -73,8 +74,9 @@ def _main():
     tmpdir = tempfile.mkdtemp(prefix="tmp-")
     try:
         principal = str('host/%s@%s' % (api.env.host, api.env.realm))
-        ccache = ipautil.kinit_hostprincipal(paths.KRB5_KEYTAB, tmpdir,
-                                             principal)
+        ccache_filename = os.path.join(tmpdir, 'ccache')
+        ipautil.kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_filename)
+        os.environ['KRB5CCNAME'] = ccache_filename
 
         ca = cainstance.CAInstance(host_name=api.env.host, ldapi=False)
         ca.update_cert_config(nickname, cert, configured_constants)
@@ -139,7 +141,7 @@ def _main():
             conn = None
             try:
                 conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
-                conn.connect(ccache=ccache)
+                conn.connect(ccache=ccache_filename)
             except Exception, e:
                 syslog.syslog(
                     syslog.LOG_ERR, "Failed to connect to LDAP: %s" % e)
author	Martin Babinsky <mbabinsk@redhat.com>	2015-03-16 16:43:10 +0100
committer	Jan Cholasta <jcholast@redhat.com>	2015-04-20 08:27:35 +0000
commit	3d2feac0e416c66ba37eee53ef5b3833c2c3e414 (patch)
tree	77d8907c8dbba8db76db3cac3b9be09ffc970f01 /install/restart_scripts/renew_ca_cert
parent	a8e30e96716992e4160abdb7ac5995bb75e54eae (diff)
download	freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.gz freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.tar.xz freeipa-3d2feac0e416c66ba37eee53ef5b3833c2c3e414.zip