ac7d03
From b5992ea987f6d8d49c988a9ab42463655b3d8e05 Mon Sep 17 00:00:00 2001
ac7d03
From: Martin Babinsky <mbabinsk@redhat.com>
ac7d03
Date: Fri, 31 Mar 2017 15:15:50 +0200
ac7d03
Subject: [PATCH] Use local anchor when armoring password requests
ac7d03
ac7d03
https://pagure.io/freeipa/issue/6830
ac7d03
ac7d03
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
ac7d03
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
ac7d03
Reviewed-By: Martin Basti <mbasti@redhat.com>
ac7d03
Reviewed-By: Simo Sorce <ssorce@redhat.com>
ac7d03
---
ac7d03
 ipaserver/rpcserver.py | 2 +-
ac7d03
 1 file changed, 1 insertion(+), 1 deletion(-)
ac7d03
ac7d03
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
ac7d03
index 77ed7e124c2ca3dcb49d3a68269d6fa9875d4da0..161872450d141a61af4345a20e278db728fe2aac 100644
ac7d03
--- a/ipaserver/rpcserver.py
ac7d03
+++ b/ipaserver/rpcserver.py
ac7d03
@@ -944,7 +944,7 @@ class login_password(Backend, KerberosSession):
ac7d03
         self.debug('Obtaining armor in ccache %s', armor_path)
ac7d03
 
ac7d03
         try:
ac7d03
-            kinit_armor(armor_path)
ac7d03
+            kinit_armor(armor_path, pkinit_anchor=paths.CACERT_PEM)
ac7d03
         except RuntimeError as e:
ac7d03
             self.error("Failed to obtain armor cache")
ac7d03
             # We try to continue w/o armor, 2FA will be impacted
ac7d03
-- 
ac7d03
2.12.2
ac7d03