author | Florence Blanc-Renaud <flo@redhat.com> | 2017-01-20 08:33:22 +0100 |
---|---|---|
committer | Martin Babinsky <mbabinsk@redhat.com> | 2017-01-20 19:16:25 +0100 |
commit | ceec512b09002e8cf9388873418644ec584db30a (patch) | |
tree | c124b0836b99ec7aceaf87b6bffa0c090d17c40a /ipaserver/install | |
parent | 26630db9d0fb1d9c8a02840b71b3fb3e8bdf3e0d (diff) | |
ipa-restore must stop tracking PKINIT cert in the preparation phase
ipa-restore calls certmonger to stop tracking the PKI certs, HTTP and DS certs.
It must also stop tracking the newly introduced PKINIT cert (stored in
/var/kerberos/krb5kdc/kdc.crt).
Otherwise the restore operation ends up with PKINIT cert tracked twice and
uninstallation fails.
https://fedorahosted.org/freeipa/ticket/6570
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/ipa_restore.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 2fae21591..89cf9e609 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -41,7 +41,7 @@ from ipaserver.install.cainstance import create_ca_user
 from ipaserver.install.replication import (wait_for_task, ReplicationManager, get_cs_replication_manager)
 from ipaserver.install import installutils
-from ipaserver.install import dsinstance, httpinstance, cainstance
+from ipaserver.install import dsinstance, httpinstance, cainstance, krbinstance
 from ipapython import ipaldap
 import ipapython.errors
 from ipaplatform.constants import constants
@@ -821,6 +821,8 @@ class Restore(admintool.AdminTool):
 # When IPA is not installed, DS NSS DB does not exist
 pass
+ krbinstance.KrbInstance().stop_tracking_certs()
+
 for basename in ('cert8.db', 'key3.db', 'secmod.db', 'pwdfile.txt'):
 filename = os.path.join(paths.IPA_NSSDB_DIR, basename)
 try: |
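Review bot: The added `krbinstance.KrbInstance().stop_tracking_certs()` call in the second hunk runs with no error handling, while the context lines just above it show the previous step tolerating a failure for the "When IPA is not installed" case. Whether `stop_tracking_certs()` can raise when there is no tracking request or no KDC cert on the host is not visible here. This should be confirmed, because an exception at this point would abort the restore during preparation. The call would also benefit from a short why-comment, for example `# PKINIT cert (kdc.crt): stop tracking before restore, otherwise it ends up tracked twice (ticket 6570)`. The enclosing method of `Restore` starts and ends outside the hunk.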