From 71061059a6c56bad818cb379070ef742bbe517a3 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Mon, 3 Apr 2017 14:08:46 +0200
Subject: [PATCH] Add pki_pin only when needed
If both the pki-tomcat NSS database and its password.conf have been
created, don't try to override the password.conf file.
https://pagure.io/freeipa/issue/6839
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
---
ipaserver/install/cainstance.py | 10 +++++++---
ipaserver/install/krainstance.py | 10 +++++++---
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 92bb760d39d23fedb40b7e3c5bea53381f1c87ad..3980e412603437b0db5804623f6626d11e52c009 100644
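--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -541,9 +541,13 @@ class CAInstance(DogtagInstance):
 # CA key algorithm
 config.set("CA", "pki_ca_signing_key_algorithm", self.ca_signing_algorithm)
 
- # generate pin which we know can be used for FIPS NSS database
- pki_pin = ipautil.ipa_generate_password()
- config.set("CA", "pki_pin", pki_pin)
+ if not (os.path.isdir(paths.PKI_TOMCAT_ALIAS_DIR) and
+ os.path.isfile(paths.PKI_TOMCAT_PASSWORD_CONF)):
+ # generate pin which we know can be used for FIPS NSS database
+ pki_pin = ipautil.ipa_generate_password()
+ config.set("CA", "pki_pin", pki_pin)
+ else:
+ pki_pin = None
 
 if self.clone:
 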
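Review bot: The new guard `if not (os.path.isdir(paths.PKI_TOMCAT_ALIAS_DIR) and os.path.isfile(paths.PKI_TOMCAT_PASSWORD_CONF))` takes the mere existence of the alias directory and of password.conf as proof that a usable NSS database PIN is already stored. A leftover empty directory or a truncated password.conf (for instance after an interrupted install) would also pass, and `pki_pin` would then never be written to the config. Consider also requiring a non-empty password.conf, and put the intent above the test, e.g. `# NSS database and password.conf already exist: keep the stored PIN instead of overriding it`. The else branch now leaves `pki_pin = None`, so any later use of `pki_pin` in this method (outside the hunk, not visible here) has to tolerate None. The krainstance.py hunk repeats the same guard verbatim and has the same gaps; a single helper on the shared DogtagInstance base would keep the two in step.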
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 34d667857a8055752e258a591af983190f33daa5..fc25ac72b0dc593f06a8b070b67b5d54a0ab8bce 100644
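--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -235,9 +235,13 @@ class KRAInstance(DogtagInstance):
 "KRA", "pki_share_dbuser_dn",
 str(DN(('uid', 'pkidbuser'), ('ou', 'people'), ('o', 'ipaca'))))
 
- # generate pin which we know can be used for FIPS NSS database
- pki_pin = ipautil.ipa_generate_password()
- config.set("KRA", "pki_pin", pki_pin)
+ if not (os.path.isdir(paths.PKI_TOMCAT_ALIAS_DIR) and
+ os.path.isfile(paths.PKI_TOMCAT_PASSWORD_CONF)):
+ # generate pin which we know can be used for FIPS NSS database
+ pki_pin = ipautil.ipa_generate_password()
+ config.set("KRA", "pki_pin", pki_pin)
+ else:
+ pki_pin = None
 
 _p12_tmpfile_handle, p12_tmpfile_name = tempfile.mkstemp(dir=paths.TMP)
 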
--
2.9.3