Drop use of kinit_as_http from trust code

The framework will not have direct access to the keytab anymore.
This function was used in two places, to fetch the domain list and to
re-initialize the PAC when enabling or disabling a domain trust.
The domian list is normally fetched via oddjob anyway so this use is
not necesary anymore, and the MS-PAC re-initialization can be moved
later to oddjob if needed.

https://fedorahosted.org/freeipa/ticket/5959

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>

1 files changed, 0 insertions, 6 deletions

diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py
index c84b1aa08..3de245846 100644
--- a/ipaserver/plugins/trust.py
+++ b/ipaserver/plugins/trust.py
@@ -1813,9 +1813,6 @@ class trustdomain_enable(LDAPQuery):
             if sid in trust_entry['ipantsidblacklistincoming']:
                 trust_entry['ipantsidblacklistincoming'].remove(sid)
                 ldap.update_entry(trust_entry)
-                # Force MS-PAC cache re-initialization on KDC side
-                domval = ipaserver.dcerpc.DomainValidator(self.api)
-                domval.kinit_as_http(keys[0])
             else:
                 raise errors.AlreadyActive()
         except errors.NotFound:
@@ -1854,9 +1851,6 @@ class trustdomain_disable(LDAPQuery):
             if not (sid in trust_entry['ipantsidblacklistincoming']):
                 trust_entry['ipantsidblacklistincoming'].append(sid)
                 ldap.update_entry(trust_entry)
-                # Force MS-PAC cache re-initialization on KDC side
-                domval = ipaserver.dcerpc.DomainValidator(self.api)
-                domval.kinit_as_http(keys[0])
             else:
                 raise errors.AlreadyInactive()
         except errors.NotFound: