Blame SOURCES/0012-CAless-installation-set-the-perms-on-KDC-cert-file.patch
|
 |
89cb6d |
From 52855f472ea918534d50743af4a2b512661fdd95 Mon Sep 17 00:00:00 2001
|
|
|
89cb6d |
From: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
89cb6d |
Date: Mon, 3 Aug 2020 18:52:07 +0200
|
|
|
89cb6d |
Subject: [PATCH] CAless installation: set the perms on KDC cert file
|
|
|
89cb6d |
|
|
|
89cb6d |
In CA less installation, the KDC certificate file does not have
|
|
|
89cb6d |
the expected 644 permissions. As a consequence, WebUI login
|
|
|
89cb6d |
fails.
|
|
|
89cb6d |
|
|
|
89cb6d |
The fix makes sure that the KDC cert file is saved with 644 perms.
|
|
|
89cb6d |
|
|
|
89cb6d |
Fixes: https://pagure.io/freeipa/issue/8440
|
|
|
89cb6d |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
89cb6d |
---
|
|
|
89cb6d |
ipaserver/install/krbinstance.py | 2 ++
|
|
|
89cb6d |
1 file changed, 2 insertions(+)
|
|
|
89cb6d |
|
|
|
89cb6d |
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
|
|
|
89cb6d |
index a666c0918afad81e35f49387ffc32cde60484c5d..3aede9016eb6de38d43a84cb6997cb69987c4eb2 100644
|
|
|
89cb6d |
--- a/ipaserver/install/krbinstance.py
|
|
|
89cb6d |
+++ b/ipaserver/install/krbinstance.py
|
|
|
89cb6d |
@@ -527,6 +527,8 @@ class KrbInstance(service.Service):
|
|
|
89cb6d |
certs.install_pem_from_p12(self.pkcs12_info[0],
|
|
|
89cb6d |
self.pkcs12_info[1],
|
|
|
89cb6d |
paths.KDC_CERT)
|
|
|
89cb6d |
+ # The KDC cert needs to be readable by everyone
|
|
|
89cb6d |
+ os.chmod(paths.KDC_CERT, 0o644)
|
|
|
89cb6d |
certs.install_key_from_p12(self.pkcs12_info[0],
|
|
|
89cb6d |
self.pkcs12_info[1],
|
|
|
89cb6d |
paths.KDC_KEY)
|
|
|
89cb6d |
--
|
|
|
89cb6d |
2.26.2
|
|
|
89cb6d |
|