From f6cac267e99c6f47ca6b78568182a82d48a6bb4c Mon Sep 17 00:00:00 2001

From: Stanislav Laznicka <slaznick@redhat.com>

Date: Wed, 31 May 2017 14:14:34 +0200

Subject: [PATCH] kdc.key should not be visible to all

While the world certainly is interested in our privates, we

should not just go ahead and show it to them.

https://pagure.io/freeipa/issue/6973

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

---

 ipalib/install/certmonger.py | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipalib/install/certmonger.py b/ipalib/install/certmonger.py

index ad031a738f4397d230ed131bde6ac7ddb7ef6fdb..c286996ee2318e241b4af190d1a01f42e28aa9f3 100644

--- a/ipalib/install/certmonger.py

+++ b/ipalib/install/certmonger.py

@@ -370,8 +370,8 @@ def request_cert(

         request_parameters['cert-postsave-command'] = post_command

     if perms:

-        request_parameters['key-perms'] = perms[0]

-        request_parameters['cert-perms'] = perms[1]

+        request_parameters['cert-perms'] = perms[0]

+        request_parameters['key-perms'] = perms[1]

     result = cm.obj_if.add_request(request_parameters)

     try:

-- 

2.9.4