authorSimo Sorce <simo@redhat.com>2016-12-13 10:32:32 -0500
committerSimo Sorce <simo@redhat.com>2017-02-14 17:37:16 -0500
commit63e18ecfe383827678cf77463520463ca7a4d821 (patch)
tree452ccd2551c0d4bfe01ce94b1aff8c5a858da903 /ipaplatform
parent43233c318b13e0ea38e2ebb1bb3147f6e24ca7fb (diff)
downloadfreeipa-63e18ecfe383827678cf77463520463ca7a4d821.tar.gz
freeipa-63e18ecfe383827678cf77463520463ca7a4d821.tar.xz
freeipa-63e18ecfe383827678cf77463520463ca7a4d821.zip
Separate RA cert store from the HTTP cert store
This is in preparation for separating out the user that the ipa api framework runs as. This commit also removes certs.NSS_DIR to avoid confusion and replaces it where appropriate with the correct NSS DB directory, either the old HTTPD_ALIAS_DIR or the RA DB IPA_RADB_DIR. In some cases its use is removed altogether as it was simply not necessary. https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipaplatform')
-rw-r--r--ipaplatform/base/constants.py1
-rw-r--r--ipaplatform/base/paths.py6
2 files changed, 4 insertions, 3 deletions
diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index 3984147b6..dccb0e719 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -11,6 +11,7 @@ class BaseConstantsNamespace(object):
DS_USER = 'dirsrv'
DS_GROUP = 'dirsrv'
HTTPD_USER = "apache"
+ HTTPD_GROUP = "apache"
GSSPROXY_USER = "root"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
KDCPROXY_USER = "kdcproxy"
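Review bot: `HTTPD_GROUP = "apache"` is added only to the base namespace, and the diffstat shows no other file under ipaplatform changing, so any platform subclass that already overrides `HTTPD_USER` would presumably inherit a group name that does not match its web server account. If this constant is used to set group ownership on a certificate store, a wrong or nonexistent group either fails the install or leaves the files owned by an unintended group. It is worth checking each platform's constants for a matching override and adding a short comment here, e.g. `# group of the web server account; override together with HTTPD_USER`. The class body continues outside the hunk.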
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 28db7f1fc..95f8b9050 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -39,8 +39,8 @@ class BasePathNamespace(object):
HOSTS = "/etc/hosts"
ETC_HTTPD_DIR = "/etc/httpd"
HTTPD_ALIAS_DIR = "/etc/httpd/alias"
- ALIAS_CACERT_ASC = "/etc/httpd/alias/cacert.asc"
- ALIAS_PWDFILE_TXT = "/etc/httpd/alias/pwdfile.txt"
+ IPA_RADB_DIR = "/var/lib/ipa/radb"
+ ALIAS_CACERT_ASC = "/var/lib/ipa/radb/cacert.asc"
HTTPD_CONF_D_DIR = "/etc/httpd/conf.d/"
HTTPD_IPA_KDCPROXY_CONF = "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf"
HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/httpd/conf.d/ipa-kdc-proxy.conf"
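Review bot: `ALIAS_CACERT_ASC` keeps its `ALIAS_` prefix although its value now sits under `/var/lib/ipa/radb`, so the name no longer tells a reader which NSS store the file belongs to. The same directory string is also repeated literally here and in `KRA_AGENT_PEM` in the next hunk rather than being tied to `IPA_RADB_DIR`. Since the point of the change is to keep the RA agent credentials apart from the HTTP server's store, I would add a comment above the new constant, e.g. `# NSS DB for the RA agent cert, separate from HTTPD_ALIAS_DIR`, and note the intended owner and mode there. Only ipaplatform is shown, so it cannot be seen whether the installer and upgrade code create this directory with restrictive permissions, move the existing files out of `/etc/httpd/alias`, and no longer reference the removed `ALIAS_PWDFILE_TXT`; those are worth confirming. The class body continues outside the hunk.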
@@ -139,7 +139,7 @@ class BasePathNamespace(object):
ROOT_IPA_CACHE = "/root/.ipa_cache"
ROOT_PKI = "/root/.pki"
DOGTAG_ADMIN_P12 = "/root/ca-agent.p12"
- KRA_AGENT_PEM = "/etc/httpd/alias/kra-agent.pem"
+ KRA_AGENT_PEM = "/var/lib/ipa/radb/kra-agent.pem"
CACERT_P12 = "/root/cacert.p12"
ROOT_IPA_CSR = "/root/ipa.csr"
NAMED_PID = "/run/named/named.pid"