diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2016-11-04 14:58:42 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-11-11 12:17:25 +0100 |
commit | 73fc15556d28706b0b9a10480fee8d56b2be9ab7 (patch) | |
tree | 0ecac690ef5f597523200c774622d88120cc2945 /ipaserver/install/server/replicainstall.py | |
parent | 4e97a0171a862e20089863e4bf0ec88d0ba98a53 (diff) | |
download | freeipa-73fc15556d28706b0b9a10480fee8d56b2be9ab7.tar.gz freeipa-73fc15556d28706b0b9a10480fee8d56b2be9ab7.tar.xz freeipa-73fc15556d28706b0b9a10480fee8d56b2be9ab7.zip |
domain-level agnostic keytab retrieval in httpinstance
apache keytab is now retrieved using the same method in both domain levels.
The difference lies in the authentication scheme used to retrieve service
keytab:
* in DL0 passed in DM credentials are used
* in DL1 GSSAPI is used
https://fedorahosted.org/freeipa/ticket/6405
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipaserver/install/server/replicainstall.py')
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 18 |
1 files changed, 0 insertions, 18 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index da790dd93..053c5021e 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -76,23 +76,6 @@ def make_pkcs12_info(directory, cert_name, password_name): return None -def install_http_keytab(config, fstore, remote_api): - - # Obtain keytab for the HTTP service - fstore.backup_file(paths.IPA_KEYTAB) - try: - os.unlink(paths.IPA_KEYTAB) - except OSError: - pass - - principal = 'HTTP/%s@%s' % (config.host_name, config.realm_name) - installutils.install_service_keytab(remote_api, - principal, - config.master_host_name, - paths.IPA_KEYTAB, - force_service_add=True) - - def install_http_certs(host_name, realm_name, subject_base): principal = 'HTTP/%s@%s' % (host_name, realm_name) # Obtain certificate for the HTTP service @@ -1351,7 +1334,6 @@ def install(installer): if promote: # we need to install http certs to setup ssl for httpd - install_http_keytab(config, fstore, remote_api) install_http_certs(config.host_name, config.realm_name, config.subject_base) |