authorMartin Babinsky <mbabinsk@redhat.com>2016-11-04 14:58:42 +0100
committerJan Cholasta <jcholast@redhat.com>2016-11-11 12:17:25 +0100
commit73fc15556d28706b0b9a10480fee8d56b2be9ab7 (patch)
tree0ecac690ef5f597523200c774622d88120cc2945 /ipaserver/install/httpinstance.py
parent4e97a0171a862e20089863e4bf0ec88d0ba98a53 (diff)
domain-level agnostic keytab retrieval in httpinstance
The Apache keytab is now retrieved using the same method in both domain levels. The difference lies in the authentication scheme used to retrieve the service keytab:
* in DL0 the passed-in DM credentials are used
* in DL1 GSSAPI is used

https://fedorahosted.org/freeipa/ticket/6405

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r--ipaserver/install/httpinstance.py16
1 files changed, 4 insertions, 12 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 25d16f28e..39d43f221 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -119,11 +119,13 @@ class WebGuiInstance(service.SimpleServiceInstance):
service.SimpleServiceInstance.__init__(self, "ipa_webgui")
class HTTPInstance(service.Service):
- def __init__(self, fstore=None, cert_nickname='Server-Cert'):
+ def __init__(self, fstore=None, cert_nickname='Server-Cert',
+ api=api):
super(HTTPInstance, self).__init__(
"httpd",
service_desc="the web interface",
fstore=fstore,
+ api=api,
service_prefix=u'HTTP',
service_user=HTTPD_USER,
keytab=paths.IPA_KEYTAB)
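Review bot: The new `api=api` parameter of `HTTPInstance.__init__` is undocumented, it shadows the module-level `api` inside the constructor, and its default is bound once when the class is defined. Since the commit message says the keytab is now fetched with either DM credentials or GSSAPI, which API object is passed presumably decides which connection and identity that retrieval uses, so the constructor should say so. I would add a short docstring along the lines of `"""api: API object forwarded to service.Service and used for keytab retrieval; defaults to the module-global api."""`. The rest of `__init__` lies outside this hunk, so any further use of `api` there is not visible.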
@@ -167,7 +169,7 @@ class HTTPInstance(service.Service):
if self.ca_is_configured:
self.step("configure certmonger for renewals",
self.configure_certmonger_renewal_guard)
- self.step("setting up httpd keytab", self.__create_http_keytab)
+ self.step("setting up httpd keytab", self._request_service_keytab)
self.step("setting up ssl", self.__setup_ssl)
self.step("importing CA certificates from LDAP", self.__import_ca_certs)
self.step("publish CA cert", self.__publish_ca_cert)
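Review bot: Pointing the "setting up httpd keytab" step at `self._request_service_keytab` drops two things that the removed `__create_http_keytab` (last hunk) did explicitly. These are the `os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)` call and, on non-promote installs, `installutils.remove_keytab(self.keytab)`. `_request_service_keytab` is not defined in this diff (presumably it is inherited from `service.Service`), so it cannot be confirmed from here that the keytab ends up owned by `HTTPD_USER` with a restrictive mode, or that stale keys are cleared before the new ones are written. If the base method does not handle ownership, keep a thin override that calls it and then runs `pent = pwd.getpwnam(self.service_user)` and `os.chown(self.keytab, pent.pw_uid, pent.pw_gid)`. Otherwise a one-line comment on the step, such as `# ownership and mode of the keytab are set inside _request_service_keytab`, would record where that guarantee now lives.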
@@ -201,16 +203,6 @@ class HTTPInstance(service.Service):
except ipapython.errors.SetseboolError as e:
self.print_msg(e.format_service_warning('web interface'))
- def __create_http_keytab(self):
- if not self.promote:
- installutils.remove_keytab(self.keytab)
- installutils.kadmin_addprinc(self.principal)
- installutils.create_keytab(self.keytab, self.principal)
- self.move_service(self.principal)
-
- pent = pwd.getpwnam(self.service_user)
- os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)
-
def remove_httpd_ccache(self):
# Clean up existing ccache
# Make sure that empty env is passed to avoid passing KRB5CCNAME from