ac7d03
From f6cac267e99c6f47ca6b78568182a82d48a6bb4c Mon Sep 17 00:00:00 2001
ac7d03
From: Stanislav Laznicka <slaznick@redhat.com>
ac7d03
Date: Wed, 31 May 2017 14:14:34 +0200
ac7d03
Subject: [PATCH] kdc.key should not be visible to all
ac7d03
ac7d03
While the world certainly is interested in our privates, we
ac7d03
should not just go ahead and show it to them.
ac7d03
ac7d03
https://pagure.io/freeipa/issue/6973
ac7d03
ac7d03
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
ac7d03
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
ac7d03
---
ac7d03
 ipalib/install/certmonger.py | 4 ++--
ac7d03
 1 file changed, 2 insertions(+), 2 deletions(-)
ac7d03
ac7d03
diff --git a/ipalib/install/certmonger.py b/ipalib/install/certmonger.py
ac7d03
index ad031a738f4397d230ed131bde6ac7ddb7ef6fdb..c286996ee2318e241b4af190d1a01f42e28aa9f3 100644
ac7d03
--- a/ipalib/install/certmonger.py
ac7d03
+++ b/ipalib/install/certmonger.py
ac7d03
@@ -370,8 +370,8 @@ def request_cert(
ac7d03
         request_parameters['cert-postsave-command'] = post_command
ac7d03
 
ac7d03
     if perms:
ac7d03
-        request_parameters['key-perms'] = perms[0]
ac7d03
-        request_parameters['cert-perms'] = perms[1]
ac7d03
+        request_parameters['cert-perms'] = perms[0]
ac7d03
+        request_parameters['key-perms'] = perms[1]
ac7d03
 
ac7d03
     result = cm.obj_if.add_request(request_parameters)
ac7d03
     try:
ac7d03
-- 
ac7d03
2.9.4
ac7d03