From ca4e6c1fdfac9b545b26f885dc4865f22ca36ae6 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 26 Jul 2016 11:19:01 -0400
Subject: Configure Anonymous PKINIT on server install

Allow anonymous pkinit to be used so that unenrolled hosts can perform FAST
authentication (necessary for 2FA for example) using an anonymous krbtgt
obtained via Pkinit.

https://fedorahosted.org/freeipa/ticket/5678

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 ipaplatform/base/paths.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'ipaplatform')

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index f85a2aa12..896fa9d98 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -240,7 +240,8 @@ class BasePathNamespace(object):
     KRB5KDC_KADM5_ACL = "/var/kerberos/krb5kdc/kadm5.acl"
     KRB5KDC_KADM5_KEYTAB = "/var/kerberos/krb5kdc/kadm5.keytab"
     KRB5KDC_KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf"
-    KDC_PEM = "/var/kerberos/krb5kdc/kdc.pem"
+    KDC_CERT = "/var/kerberos/krb5kdc/kdc.crt"
+    KDC_KEY = "/var/kerberos/krb5kdc/kdc.key"
     VAR_LIB = "/var/lib"
     AUTHCONFIG_LAST = "/var/lib/authconfig/last"
     VAR_LIB_CERTMONGER_DIR = "/var/lib/certmonger"
-- 
cgit