pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
Source Code
GIT

Blame SOURCES/0154-replica-install-respect-pkinit-cert-file.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client
  1.   bef1ab628ca8d534452090a549d788a6daef9fb5
  2.   SOURCES
  3.   0154-replica-install-respect-pkinit-cert-file.patch
Blob History Raw
ac7d03 
From c1b49645c22b91aff51a29e715e29c5df7a0892a Mon Sep 17 00:00:00 2001
ac7d03 
From: Jan Cholasta <jcholast@redhat.com>
ac7d03 
Date: Thu, 11 May 2017 07:40:40 +0000
ac7d03 
Subject: [PATCH] replica install: respect --pkinit-cert-file
ac7d03
ac7d03 
When --pkinit-cert-file is used, make sure the certificate and key is
ac7d03 
actually passed to `KrbInstance`.
ac7d03
ac7d03 
https://pagure.io/freeipa/issue/6831
ac7d03
ac7d03 
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
ac7d03 
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
ac7d03 
---
ac7d03 
 ipaserver/install/server/replicainstall.py | 9 ++++++---
ac7d03 
 1 file changed, 6 insertions(+), 3 deletions(-)
ac7d03
ac7d03 
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
ac7d03 
index 6f71f0b51812943fea3fb1c576a0174c739a070b..b30133ffa22d410452ae04624d49db209175bed9 100644
ac7d03 
--- a/ipaserver/install/server/replicainstall.py
ac7d03 
+++ b/ipaserver/install/server/replicainstall.py
ac7d03 
@@ -113,12 +113,13 @@ def install_replica_ds(config, options, ca_is_configured, remote_api,
ac7d03 
     return ds
ac7d03
ac7d03
ac7d03 
-def install_krb(config, setup_pkinit=False, promote=False):
ac7d03 
+def install_krb(config, setup_pkinit=False, pkcs12_info=None, promote=False):
ac7d03 
     krb = krbinstance.KrbInstance()
ac7d03
ac7d03 
     # pkinit files
ac7d03 
-    pkcs12_info = make_pkcs12_info(config.dir, "pkinitcert.p12",
ac7d03 
-                                   "pkinit_pin.txt")
ac7d03 
+    if pkcs12_info is None:
ac7d03 
+        pkcs12_info = make_pkcs12_info(config.dir, "pkinitcert.p12",
ac7d03 
+                                       "pkinit_pin.txt")
ac7d03
ac7d03 
     krb.create_replica(config.realm_name,
ac7d03 
                        config.master_host_name, config.host_name,
ac7d03 
@@ -1350,6 +1351,7 @@ def install(installer):
ac7d03 
     cafile = installer._ca_file
ac7d03 
     dirsrv_pkcs12_info = installer._dirsrv_pkcs12_info
ac7d03 
     http_pkcs12_info = installer._http_pkcs12_info
ac7d03 
+    pkinit_pkcs12_info = installer._pkinit_pkcs12_info
ac7d03
ac7d03 
     remote_api = installer._remote_api
ac7d03 
     conn = remote_api.Backend.ldap2
ac7d03 
@@ -1430,6 +1432,7 @@ def install(installer):
ac7d03 
     krb = install_krb(
ac7d03 
         config,
ac7d03 
         setup_pkinit=not options.no_pkinit,
ac7d03 
+        pkcs12_info=pkinit_pkcs12_info,
ac7d03 
         promote=promote)
ac7d03
ac7d03 
     # we now need to enable ssl on the ds
ac7d03 
--
ac7d03 
2.9.4
ac7d03

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation