rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/0106-Do-not-test-anonymous-PKINIT-after-install-upgrade.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   483b06d68cbb3facb2f1fcff4d857d3e3233a2e0
  2.   SOURCES
  3.   0106-Do-not-test-anonymous-PKINIT-after-install-upgrade.patch
Blob History Raw
483b06 
From 60412d08baa5a6836e505428a8b9bc73bdce0353 Mon Sep 17 00:00:00 2001
483b06 
From: Martin Babinsky <mbabinsk@redhat.com>
483b06 
Date: Tue, 25 Apr 2017 19:12:51 +0200
483b06 
Subject: [PATCH] Do not test anonymous PKINIT after install/upgrade
483b06
483b06 
Local FAST armoring will now work regardless of PKINIT status so there
483b06 
is no need to explicitly test for working PKINIT. If there is, there
483b06 
should be a test case for that.
483b06
483b06 
https://pagure.io/freeipa/issue/6830
483b06
483b06 
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
483b06 
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
483b06 
Reviewed-By: Martin Basti <mbasti@redhat.com>
483b06 
Reviewed-By: Simo Sorce <ssorce@redhat.com>
483b06 
---
483b06 
 ipaserver/install/krbinstance.py    | 9 ---------
483b06 
 ipaserver/install/server/upgrade.py | 1 -
483b06 
 2 files changed, 10 deletions(-)
483b06
483b06 
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
483b06 
index ad3475f95371c9ae17c8b0ac082039c041d5c64c..76ac3029ca6d1cbdd85c6ced6272c6f9a21f04a1 100644
483b06 
--- a/ipaserver/install/krbinstance.py
483b06 
+++ b/ipaserver/install/krbinstance.py
483b06 
@@ -475,13 +475,6 @@ class KrbInstance(service.Service):
483b06 
         elif self.config_pkinit:
483b06 
             self.issue_ipa_ca_signed_pkinit_certs()
483b06
483b06 
-    def test_anonymous_pkinit(self):
483b06 
-        with ipautil.private_ccache() as anon_ccache:
483b06 
-            try:
483b06 
-                ipautil.run([paths.KINIT, '-n', '-c', anon_ccache])
483b06 
-            except ipautil.CalledProcessError:
483b06 
-                raise RuntimeError("Failed to configure anonymous PKINIT")
483b06 
-
483b06 
     def enable_ssl(self):
483b06 
         """
483b06 
         generate PKINIT certificate for KDC. If `--no-pkinit` was specified,
483b06 
@@ -496,8 +489,6 @@ class KrbInstance(service.Service):
483b06 
             self.steps = []
483b06 
             self.step("installing X509 Certificate for PKINIT",
483b06 
                       self.setup_pkinit)
483b06 
-            self.step("testing anonymous PKINIT", self.test_anonymous_pkinit)
483b06 
-
483b06 
             self.start_creation()
483b06 
         else:
483b06 
             self.issue_selfsigned_pkinit_certs()
483b06 
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
483b06 
index 8da918114066598ec5a74098d85dfef06d22bf86..0f27428dd492bb44dd8c69a7e7f47abb531843f5 100644
483b06 
--- a/ipaserver/install/server/upgrade.py
483b06 
+++ b/ipaserver/install/server/upgrade.py
483b06 
@@ -1507,7 +1507,6 @@ def setup_pkinit(krb):
483b06 
     if krb.is_running():
483b06 
         krb.stop()
483b06 
     krb.start()
483b06 
-    krb.test_anonymous_pkinit()
483b06
483b06
483b06 
 def disable_httpd_system_trust(http):
483b06 
--
483b06 
2.12.2
483b06

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation