rpms / ipa

Clone
Source Code
GIT

Files

  1.   8ec14dc11079a095c5f2874f98023a3508e0d46b
  2.   SOURCES
  3.   0106-Do-not-test-anonymous-PKINIT-after-install-upgrade.patch
Blob Blame History Raw 
From 60412d08baa5a6836e505428a8b9bc73bdce0353 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Tue, 25 Apr 2017 19:12:51 +0200
Subject: [PATCH] Do not test anonymous PKINIT after install/upgrade

Local FAST armoring will now work regardless of PKINIT status so there
is no need to explicitly test for working PKINIT. If there is, there
should be a test case for that.

https://pagure.io/freeipa/issue/6830

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
---
 ipaserver/install/krbinstance.py    | 9 ---------
 ipaserver/install/server/upgrade.py | 1 -
 2 files changed, 10 deletions(-)

diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index ad3475f95371c9ae17c8b0ac082039c041d5c64c..76ac3029ca6d1cbdd85c6ced6272c6f9a21f04a1 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -475,13 +475,6 @@ class KrbInstance(service.Service):
         elif self.config_pkinit:
             self.issue_ipa_ca_signed_pkinit_certs()
 
-    def test_anonymous_pkinit(self):
-        with ipautil.private_ccache() as anon_ccache:
-            try:
-                ipautil.run([paths.KINIT, '-n', '-c', anon_ccache])
-            except ipautil.CalledProcessError:
-                raise RuntimeError("Failed to configure anonymous PKINIT")
-
     def enable_ssl(self):
         """
         generate PKINIT certificate for KDC. If `--no-pkinit` was specified,
@@ -496,8 +489,6 @@ class KrbInstance(service.Service):
             self.steps = []
             self.step("installing X509 Certificate for PKINIT",
                       self.setup_pkinit)
-            self.step("testing anonymous PKINIT", self.test_anonymous_pkinit)
-
             self.start_creation()
         else:
             self.issue_selfsigned_pkinit_certs()
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 8da918114066598ec5a74098d85dfef06d22bf86..0f27428dd492bb44dd8c69a7e7f47abb531843f5 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1507,7 +1507,6 @@ def setup_pkinit(krb):
     if krb.is_running():
         krb.stop()
     krb.start()
-    krb.test_anonymous_pkinit()
 
 
 def disable_httpd_system_trust(http):
-- 
2.12.2

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation