author | Martin Babinsky <mbabinsk@redhat.com> | 2016-11-03 17:54:14 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-11-11 12:17:25 +0100 |
commit | 32599987fdc998e104846e8a176f70399cca2af2 (patch) | |
tree | 5d718e32a4b21626ef1f2d2a36edea8c53fc5bd1 /ipaserver/install/httpinstance.py | |
parent | 81bf72dc350b9c7daab669aaa796e96aee6ecbb8 (diff) | |
Turn Kerberos-related properties to Service class members
The Service class now accepts keytab path and service name part of Kerberos
principal as members. Kerberos principal is turned into a property computed
from service prefix, FQDN and realm. The handling of Kerberos principals and
keytabs in service installers was changed to use class members instead of
copy-pasted constants. This shall aid in the future refactoring of
principal/keytab handling code.
https://fedorahosted.org/freeipa/ticket/6392
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r-- | ipaserver/install/httpinstance.py | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 2869116af..25d16f28e 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -124,7 +124,9 @@ class HTTPInstance(service.Service):
 "httpd",
 service_desc="the web interface",
 fstore=fstore,
- service_user=HTTPD_USER)
+ service_prefix=u'HTTP',
+ service_user=HTTPD_USER,
+ keytab=paths.IPA_KEYTAB)
 self.cert_nickname = cert_nickname
 self.ca_is_configured = True
@@ -139,7 +141,6 @@ class HTTPInstance(service.Service):
 self.domain = domain_name
 self.suffix = ipautil.realm_to_suffix(self.realm)
 self.pkcs12_info = pkcs12_info
- self.principal = "HTTP/%s@%s" % (self.fqdn, self.realm)
 self.dercert = None
 self.subject_base = subject_base
 self.sub_dict = dict(
@@ -202,9 +203,9 @@ class HTTPInstance(service.Service):
 def __create_http_keytab(self):
 if not self.promote:
- installutils.remove_keytab(paths.IPA_KEYTAB)
+ installutils.remove_keytab(self.keytab)
 installutils.kadmin_addprinc(self.principal)
- installutils.create_keytab(paths.IPA_KEYTAB, self.principal)
+ installutils.create_keytab(self.keytab, self.principal)
 self.move_service(self.principal)
 pent = pwd.getpwnam(self.service_user)
@@ -527,7 +528,7 @@ class HTTPInstance(service.Service):
 except ValueError as error:
 root_logger.debug(error)
- installutils.remove_keytab(paths.IPA_KEYTAB)
+ installutils.remove_keytab(self.keytab)
 installutils.remove_ccache(ccache_path=paths.KRB5CC_HTTPD,
 run_as=self.service_user) |
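Review bot: The new `service_prefix=u'HTTP'` and `keytab=paths.IPA_KEYTAB` arguments in the first hunk need a short comment, because once the second hunk drops the explicit `"HTTP/%s@%s"` assignment nothing in this file shows how `self.principal` is formed. Per the commit message it is computed from the prefix, FQDN and realm, so it is presumably only meaningful after `self.fqdn` and `self.realm` have been set; it is worth confirming that no code path reads `self.principal` before that. Suggested comment above the two arguments: `# Service derives self.principal as HTTP/<fqdn>@<realm>; self.keytab stores that principal's long-term key`. The constructor call starts outside the hunk.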
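Review bot: In `__create_http_keytab` the keytab is now removed and recreated at `self.keytab`, but the code that consumes `pent = pwd.getpwnam(self.service_user)` lies outside the hunk and the diffstat shows no further changes in this file, so any ownership or permission call there presumably still names `paths.IPA_KEYTAB`. The two agree today because the constructor passes `keytab=paths.IPA_KEYTAB`, but if they ever diverge, the freshly written keytab, which holds the service's long-term key, would keep whatever ownership `create_keytab` left on it. Use the same member there, e.g. `os.chown(self.keytab, pent.pw_uid, pent.pw_gid)`, assuming that is the call that follows. The last hunk shows the same split, with `remove_keytab(self.keytab)` next to a still hard-coded `paths.KRB5CC_HTTPD`.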