areguera / rpms / ipa

Forked from rpms/ipa 5 years ago
Clone

Blame SOURCES/0106-Do-not-test-anonymous-PKINIT-after-install-upgrade.patch

ac7d03
From 60412d08baa5a6836e505428a8b9bc73bdce0353 Mon Sep 17 00:00:00 2001
ac7d03
From: Martin Babinsky <mbabinsk@redhat.com>
ac7d03
Date: Tue, 25 Apr 2017 19:12:51 +0200
ac7d03
Subject: [PATCH] Do not test anonymous PKINIT after install/upgrade
ac7d03
ac7d03
Local FAST armoring will now work regardless of PKINIT status so there
ac7d03
is no need to explicitly test for working PKINIT. If there is, there
ac7d03
should be a test case for that.
ac7d03
ac7d03
https://pagure.io/freeipa/issue/6830
ac7d03
ac7d03
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
ac7d03
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
ac7d03
Reviewed-By: Martin Basti <mbasti@redhat.com>
ac7d03
Reviewed-By: Simo Sorce <ssorce@redhat.com>
ac7d03
---
ac7d03
 ipaserver/install/krbinstance.py    | 9 ---------
ac7d03
 ipaserver/install/server/upgrade.py | 1 -
ac7d03
 2 files changed, 10 deletions(-)
ac7d03
ac7d03
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
ac7d03
index ad3475f95371c9ae17c8b0ac082039c041d5c64c..76ac3029ca6d1cbdd85c6ced6272c6f9a21f04a1 100644
ac7d03
--- a/ipaserver/install/krbinstance.py
ac7d03
+++ b/ipaserver/install/krbinstance.py
ac7d03
@@ -475,13 +475,6 @@ class KrbInstance(service.Service):
ac7d03
         elif self.config_pkinit:
ac7d03
             self.issue_ipa_ca_signed_pkinit_certs()
ac7d03
 
ac7d03
-    def test_anonymous_pkinit(self):
ac7d03
-        with ipautil.private_ccache() as anon_ccache:
ac7d03
-            try:
ac7d03
-                ipautil.run([paths.KINIT, '-n', '-c', anon_ccache])
ac7d03
-            except ipautil.CalledProcessError:
ac7d03
-                raise RuntimeError("Failed to configure anonymous PKINIT")
ac7d03
-
ac7d03
     def enable_ssl(self):
ac7d03
         """
ac7d03
         generate PKINIT certificate for KDC. If `--no-pkinit` was specified,
ac7d03
@@ -496,8 +489,6 @@ class KrbInstance(service.Service):
ac7d03
             self.steps = []
ac7d03
             self.step("installing X509 Certificate for PKINIT",
ac7d03
                       self.setup_pkinit)
ac7d03
-            self.step("testing anonymous PKINIT", self.test_anonymous_pkinit)
ac7d03
-
ac7d03
             self.start_creation()
ac7d03
         else:
ac7d03
             self.issue_selfsigned_pkinit_certs()
ac7d03
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
ac7d03
index 8da918114066598ec5a74098d85dfef06d22bf86..0f27428dd492bb44dd8c69a7e7f47abb531843f5 100644
ac7d03
--- a/ipaserver/install/server/upgrade.py
ac7d03
+++ b/ipaserver/install/server/upgrade.py
ac7d03
@@ -1507,7 +1507,6 @@ def setup_pkinit(krb):
ac7d03
     if krb.is_running():
ac7d03
         krb.stop()
ac7d03
     krb.start()
ac7d03
-    krb.test_anonymous_pkinit()
ac7d03
 
ac7d03
 
ac7d03
 def disable_httpd_system_trust(http):
ac7d03
-- 
ac7d03
2.12.2
ac7d03