Configure Anonymous PKINIT on server installkdc-pkinit

Allow anonymous pkinit to be used so that unenrolled hosts can perform FAST authentication (necessary for 2FA for example) using an anonymous krbtgt obtained via Pkinit. https://fedorahosted.org/freeipa/ticket/5678 Signed-off-by: Simo Sorce <simo@redhat.com>
author: Simo Sorce <simo@redhat.com> 2016-07-26 11:19:01 -0400
committer: Simo Sorce <simo@redhat.com> 2016-12-08 19:54:30 -0500
commit: e17438cca414b1bc7a5c21da502550a520f25a67 (patch)
tree: e387e32f96a2893a1729a738cf7350b4b5a7611b /ipaplatform/base/paths.py
parent: fad87a9962ee33cfebc4fa59aba589e98b076cea (diff)
download: freeipa-kdc-pkinit.tar.gz
freeipa-kdc-pkinit.tar.xz
freeipa-kdc-pkinit.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index f85a2aa12..896fa9d98 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -240,7 +240,8 @@ class BasePathNamespace(object):
     KRB5KDC_KADM5_ACL = "/var/kerberos/krb5kdc/kadm5.acl"
     KRB5KDC_KADM5_KEYTAB = "/var/kerberos/krb5kdc/kadm5.keytab"
     KRB5KDC_KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf"
-    KDC_PEM = "/var/kerberos/krb5kdc/kdc.pem"
+    KDC_CERT = "/var/kerberos/krb5kdc/kdc.crt"
+    KDC_KEY = "/var/kerberos/krb5kdc/kdc.key"
     VAR_LIB = "/var/lib"
     AUTHCONFIG_LAST = "/var/lib/authconfig/last"
     VAR_LIB_CERTMONGER_DIR = "/var/lib/certmonger"
author	Simo Sorce <simo@redhat.com>	2016-07-26 11:19:01 -0400
committer	Simo Sorce <simo@redhat.com>	2016-12-08 19:54:30 -0500
commit	e17438cca414b1bc7a5c21da502550a520f25a67 (patch)
tree	e387e32f96a2893a1729a738cf7350b4b5a7611b /ipaplatform/base/paths.py
parent	fad87a9962ee33cfebc4fa59aba589e98b076cea (diff)
download	freeipa-kdc-pkinit.tar.gz freeipa-kdc-pkinit.tar.xz freeipa-kdc-pkinit.zip