Diffstat (limited to 'ipaserver/install/service.py')
-rw-r--r-- | ipaserver/install/service.py | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index b80044f4b..fe6defc9c 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -539,7 +539,7 @@ class Service(object): except errors.DuplicateEntry: pass - def _run_getkeytab(self): + def run_getkeytab(self, ldap_uri, keytab, principal, retrieve=False): """ backup and remove old service keytab (if present) and fetch a new one using ipa-getkeytab. This assumes that the service principal is already @@ -549,16 +549,15 @@ class Service(object): * self.dm_password is not none, then DM credentials are used to fetch keytab """ - self.fstore.backup_file(self.keytab) + self.fstore.backup_file(keytab) try: - os.unlink(self.keytab) + os.unlink(keytab) except OSError: pass - ldap_uri = self.api.env.ldap_uri args = [paths.IPA_GETKEYTAB, - '-k', self.keytab, - '-p', self.principal, + '-k', keytab, + '-p', principal, '-H', ldap_uri] nolog = tuple() @@ -570,6 +569,9 @@ class Service(object): '-w', self.dm_password]) nolog += (self.dm_password,) + if retrieve: + args.extend(['-r']) + ipautil.run(args, nolog=nolog) def _request_service_keytab(self): @@ -580,7 +582,7 @@ class Service(object): "name, keytab, and username") self._add_service_principal() - self._run_getkeytab() + self.run_getkeytab(self.api.env.ldap_uri, self.keytab, self.principal) pent = pwd.getpwnam(self.service_user) os.chown(self.keytab, pent.pw_uid, pent.pw_gid) |
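Review bot: The docstring under the new `run_getkeytab(self, ldap_uri, keytab, principal, retrieve=False)` signature still describes the old zero-argument helper and documents none of the four new parameters. Now that the method is public, it should say that `keytab` is a path which is backed up and then unlinked before the fetch. With `retrieve=True` the `-r` flag asks ipa-getkeytab for the existing keys rather than generating new ones, so the "fetch a new one" wording is no longer always true. I would add one entry per parameter, for example `:param retrieve: pass -r so the existing keys are retrieved instead of regenerated`. The docstring body continues past the end of this hunk.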
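Review bot: `self.fstore.backup_file(keytab)` and `os.unlink(keytab)` now act on whatever path the caller passes, where before they could only touch `self.keytab`. This is installer code that presumably runs with elevated privileges, so a public method that deletes a caller-supplied path needs at least a documented contract. A cheap guard would be `if not os.path.isabs(keytab): raise ValueError("keytab must be an absolute path")`. The unchanged `except OSError: pass` also hides a failed unlink that is not simply "file missing", which matters more once the path is arbitrary. The method body starts before and ends after this hunk.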
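Review bot: The retrieve branch still runs after the unconditional backup-and-unlink at the top of the method, so if ipa-getkeytab fails in retrieve mode the previous keytab is already gone from `keytab` and only the fstore backup remains. A comment such as `# -r: retrieve existing keys; the old file was already moved aside above` would make that explicit. On style, `args.extend(['-r'])` builds a one-element list to add a single flag; `args.append('-r')` is more direct. Not introduced here but visible in the context lines: `'-w', self.dm_password` puts the password on the command line, and `nolog` keeps it out of the logs but not out of the process list. That is worth revisiting now that more callers can reach this code. The enclosing method starts in an earlier hunk.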
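Review bot: Ownership of the fetched keytab is fixed up at this call site with `os.chown(self.keytab, pent.pw_uid, pent.pw_gid)`, not inside `run_getkeytab`. Any other caller of the now-public method therefore gets a file owned by whoever runs the installer unless it repeats that step. The method's docstring should state it, for instance `The caller is responsible for setting ownership and mode of the resulting keytab.` `_request_service_keytab` begins before this hunk and may continue after it.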