|
|
ac7d03 |
From 60412d08baa5a6836e505428a8b9bc73bdce0353 Mon Sep 17 00:00:00 2001
|
|
|
ac7d03 |
From: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
ac7d03 |
Date: Tue, 25 Apr 2017 19:12:51 +0200
|
|
|
ac7d03 |
Subject: [PATCH] Do not test anonymous PKINIT after install/upgrade
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Local FAST armoring will now work regardless of PKINIT status so there
|
|
|
ac7d03 |
is no need to explicitly test for working PKINIT. If there is, there
|
|
|
ac7d03 |
should be a test case for that.
|
|
|
ac7d03 |
|
|
|
ac7d03 |
https://pagure.io/freeipa/issue/6830
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
ac7d03 |
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
ac7d03 |
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
ac7d03 |
Reviewed-By: Simo Sorce <ssorce@redhat.com>
|
|
|
ac7d03 |
---
|
|
|
ac7d03 |
ipaserver/install/krbinstance.py | 9 ---------
|
|
|
ac7d03 |
ipaserver/install/server/upgrade.py | 1 -
|
|
|
ac7d03 |
2 files changed, 10 deletions(-)
|
|
|
ac7d03 |
|
|
|
ac7d03 |
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
|
|
|
ac7d03 |
index ad3475f95371c9ae17c8b0ac082039c041d5c64c..76ac3029ca6d1cbdd85c6ced6272c6f9a21f04a1 100644
|
|
|
ac7d03 |
--- a/ipaserver/install/krbinstance.py
|
|
|
ac7d03 |
+++ b/ipaserver/install/krbinstance.py
|
|
|
ac7d03 |
@@ -475,13 +475,6 @@ class KrbInstance(service.Service):
|
|
|
ac7d03 |
elif self.config_pkinit:
|
|
|
ac7d03 |
self.issue_ipa_ca_signed_pkinit_certs()
|
|
|
ac7d03 |
|
|
|
ac7d03 |
- def test_anonymous_pkinit(self):
|
|
|
ac7d03 |
- with ipautil.private_ccache() as anon_ccache:
|
|
|
ac7d03 |
- try:
|
|
|
ac7d03 |
- ipautil.run([paths.KINIT, '-n', '-c', anon_ccache])
|
|
|
ac7d03 |
- except ipautil.CalledProcessError:
|
|
|
ac7d03 |
- raise RuntimeError("Failed to configure anonymous PKINIT")
|
|
|
ac7d03 |
-
|
|
|
ac7d03 |
def enable_ssl(self):
|
|
|
ac7d03 |
"""
|
|
|
ac7d03 |
generate PKINIT certificate for KDC. If `--no-pkinit` was specified,
|
|
|
ac7d03 |
@@ -496,8 +489,6 @@ class KrbInstance(service.Service):
|
|
|
ac7d03 |
self.steps = []
|
|
|
ac7d03 |
self.step("installing X509 Certificate for PKINIT",
|
|
|
ac7d03 |
self.setup_pkinit)
|
|
|
ac7d03 |
- self.step("testing anonymous PKINIT", self.test_anonymous_pkinit)
|
|
|
ac7d03 |
-
|
|
|
ac7d03 |
self.start_creation()
|
|
|
ac7d03 |
else:
|
|
|
ac7d03 |
self.issue_selfsigned_pkinit_certs()
|
|
|
ac7d03 |
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
|
|
|
ac7d03 |
index 8da918114066598ec5a74098d85dfef06d22bf86..0f27428dd492bb44dd8c69a7e7f47abb531843f5 100644
|
|
|
ac7d03 |
--- a/ipaserver/install/server/upgrade.py
|
|
|
ac7d03 |
+++ b/ipaserver/install/server/upgrade.py
|
|
|
ac7d03 |
@@ -1507,7 +1507,6 @@ def setup_pkinit(krb):
|
|
|
ac7d03 |
if krb.is_running():
|
|
|
ac7d03 |
krb.stop()
|
|
|
ac7d03 |
krb.start()
|
|
|
ac7d03 |
- krb.test_anonymous_pkinit()
|
|
|
ac7d03 |
|
|
|
ac7d03 |
|
|
|
ac7d03 |
def disable_httpd_system_trust(http):
|
|
|
ac7d03 |
--
|
|
|
ac7d03 |
2.12.2
|
|
|
ac7d03 |
|