author | Jan Cholasta <jcholast@redhat.com> | 2014-09-18 16:28:59 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 10:01:38 +0200 |
commit | 231f57cedb4fea26d3317fe2b1f30d043c7d2524 (patch) | |
tree | 568ca28e1e09751d0d8296d1d4338af813002e59 /ipapython/certdb.py | |
parent | 2421b13a9b8bd79084e9cfe488690057445d7aa7 (diff) | |
Introduce NSS database /etc/ipa/nssdb
This is the new default NSS database for IPA.
/etc/pki/nssdb is still maintained for backward compatibility.
https://fedorahosted.org/freeipa/ticket/3259
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipapython/certdb.py')
-rw-r--r-- | ipapython/certdb.py | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index a85831380..426c80996 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -17,6 +17,34 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 
+import os
+
+from ipaplatform.paths import paths
+from ipapython import ipautil
+
 CA_NICKNAME_FMT = "%s IPA CA"
+
+
 def get_ca_nickname(realm, format=CA_NICKNAME_FMT):
 return format % realm
+
+
+def create_ipa_nssdb():
+ pwdfile = os.path.join(paths.IPA_NSSDB_DIR, 'pwdfile.txt')
+
+ ipautil.backup_file(pwdfile)
+ ipautil.backup_file(os.path.join(paths.IPA_NSSDB_DIR, 'cert8.db'))
+ ipautil.backup_file(os.path.join(paths.IPA_NSSDB_DIR, 'key3.db'))
+ ipautil.backup_file(os.path.join(paths.IPA_NSSDB_DIR, 'secmod.db'))
+
+ with open(pwdfile, 'w') as f:
+ f.write(ipautil.ipa_generate_password(pwd_len=40))
+ os.chmod(pwdfile, 0600)
+
+ ipautil.run([paths.CERTUTIL,
+ "-N",
+ "-d", paths.IPA_NSSDB_DIR,
+ "-f", pwdfile])
+ os.chmod(os.path.join(paths.IPA_NSSDB_DIR, 'cert8.db'), 0644)
+ os.chmod(os.path.join(paths.IPA_NSSDB_DIR, 'key3.db'), 0644)
+ os.chmod(os.path.join(paths.IPA_NSSDB_DIR, 'secmod.db'), 0644) |
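Review bot: In create_ipa_nssdb(), pwdfile is created by `open(pwdfile, 'w')` and only restricted by `os.chmod(pwdfile, 0600)` after the generated password has been written, so until the chmod runs the file carries whatever mode the process umask allows (often world-readable). Create it with restrictive permissions from the start, e.g. `fd = os.open(pwdfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` followed by `with os.fdopen(fd, 'w') as f:`. Keep the chmod as well, because the mode argument only takes effect when the file is newly created, and this hunk does not show whether ipautil.backup_file leaves the previous file in place. The function also sets key3.db to 0644, which looks intentional for a shared database; a docstring should state that no private keys are expected there and that pwdfile is the only secret among these files.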