From 82af886e17905b8bdaadf8fc2b8214ad85a94470 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Mon, 5 Jun 2017 12:35:52 +0000
Subject: [PATCH] server certinstall: update KDC master entry

After the KDC certificate is installed, add the PKINIT enabled flag to the KDC master entry.

https://pagure.io/freeipa/issue/7000

Reviewed-By: Martin Babinsky
---
 ipaserver/install/ipa_server_certinstall.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index a14a84f188c62170c8ac11f823ebba60609e4cc7..9c8f6e81a802e1a87bab1fd15f729e10676fe3a3 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -34,7 +34,7 @@ from ipapython.certdb import (get_ca_nickname,
 verify_kdc_cert_validity)
 from ipapython.dn import DN
 from ipalib import api, errors
-from ipaserver.install import certs, dsinstance, installutils
+from ipaserver.install import certs, dsinstance, installutils, krbinstance
 
 
 class ServerCertInstall(admintool.AdminTool):
@@ -223,6 +223,13 @@ class ServerCertInstall(admintool.AdminTool):
 except RuntimeError as e:
 raise admintool.ScriptError(str(e))
 
+ krb = krbinstance.KrbInstance()
+ krb.init_info(
+ realm_name=api.env.realm,
+ host_name=api.env.host,
+ )
+ krb.pkinit_enable()
+
 def check_chain(self, pkcs12_filename, pkcs12_pin, nssdb):
 # create a temp nssdb
 with NSSDatabase() as tempnssdb:
-- 
2.9.4
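Review bot: In the second hunk, the new `krb.pkinit_enable()` call sits after the `try`/`except RuntimeError` block rather than inside any error handling, so a failure while updating the KDC master entry would surface as an unhandled exception instead of an `admintool.ScriptError`. By that point the KDC certificate has already been installed, so the host could be left with the new certificate in place but the PKINIT-enabled flag missing, and the operator gets no hint that the two are out of step. `pkinit_enable` is not visible here, so the exception type is an assumption; if it raises `ipalib` errors, wrap the call in a `try` with `except errors.PublicError as e: raise admintool.ScriptError("KDC certificate installed, but enabling PKINIT in the KDC master entry failed: %s" % e)`. A short comment above the block, such as `# advertise PKINIT only after the new KDC certificate has passed validation and been installed`, would also record why the ordering matters. The enclosing method starts outside the hunk, so whether an LDAP connection is guaranteed to be open at this point should be confirmed against the caller.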