From b5992ea987f6d8d49c988a9ab42463655b3d8e05 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Fri, 31 Mar 2017 15:15:50 +0200 Subject: [PATCH] Use local anchor when armoring password requests https://pagure.io/freeipa/issue/6830 Reviewed-By: Alexander Bokovoy Reviewed-By: Jan Cholasta Reviewed-By: Martin Basti Reviewed-By: Simo Sorce --- ipaserver/rpcserver.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index 77ed7e124c2ca3dcb49d3a68269d6fa9875d4da0..161872450d141a61af4345a20e278db728fe2aac 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -944,7 +944,7 @@ class login_password(Backend, KerberosSession): self.debug('Obtaining armor in ccache %s', armor_path) try: - kinit_armor(armor_path) + kinit_armor(armor_path, pkinit_anchor=paths.CACERT_PEM) except RuntimeError as e: self.error("Failed to obtain armor cache") # We try to continue w/o armor, 2FA will be impacted -- 2.12.2