diff options
author | Simo Sorce <simo@redhat.com> | 2016-12-07 04:33:40 -0500 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-02-15 07:13:37 +0100 |
commit | b109f5d850ce13585d4392ca48896dc069a746e5 (patch) | |
tree | ca1e3c0d8577c1802785b6a645c3169a36e22f2f /ipaserver/plugins | |
parent | 38c66896de1769077cd5b057133606ec5eeaf62b (diff) | |
download | freeipa-b109f5d850ce13585d4392ca48896dc069a746e5.tar.gz freeipa-b109f5d850ce13585d4392ca48896dc069a746e5.tar.xz freeipa-b109f5d850ce13585d4392ca48896dc069a746e5.zip |
Drop use of kinit_as_http from trust code
The framework will not have direct access to the keytab anymore.
This function was used in two places, to fetch the domain list and to
re-initialize the PAC when enabling or disabling a domain trust.
The domian list is normally fetched via oddjob anyway so this use is
not necesary anymore, and the MS-PAC re-initialization can be moved
later to oddjob if needed.
https://fedorahosted.org/freeipa/ticket/5959
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/trust.py | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py index c84b1aa08..3de245846 100644 --- a/ipaserver/plugins/trust.py +++ b/ipaserver/plugins/trust.py @@ -1813,9 +1813,6 @@ class trustdomain_enable(LDAPQuery): if sid in trust_entry['ipantsidblacklistincoming']: trust_entry['ipantsidblacklistincoming'].remove(sid) ldap.update_entry(trust_entry) - # Force MS-PAC cache re-initialization on KDC side - domval = ipaserver.dcerpc.DomainValidator(self.api) - domval.kinit_as_http(keys[0]) else: raise errors.AlreadyActive() except errors.NotFound: @@ -1854,9 +1851,6 @@ class trustdomain_disable(LDAPQuery): if not (sid in trust_entry['ipantsidblacklistincoming']): trust_entry['ipantsidblacklistincoming'].append(sid) ldap.update_entry(trust_entry) - # Force MS-PAC cache re-initialization on KDC side - domval = ipaserver.dcerpc.DomainValidator(self.api) - domval.kinit_as_http(keys[0]) else: raise errors.AlreadyInactive() except errors.NotFound: |