rpms / ipa

Clone
Source Code
GIT

Files

  1.   b78ab8aa0c5acf4c35b15609c7133cfd9ef9c5a6
  2.   SOURCES
  3.   0036-Fix-ipa-replica-install-when-key-not-protected-by-PI.patch
Blob Blame History Raw 
From 42bb4ee747a2f22db756bd037b2b0044853bb41d Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Tue, 21 Nov 2017 14:49:46 +0100
Subject: [PATCH] Fix ipa-replica-install when key not protected by PIN

When ipa-replica-install is called in a CA-less environment, the certs,
keys and pins need to be provided with --{http|dirsrv|pkinit}-cert-file and
--{http|dirsrv|pkinit}-pin. If the pin is not provided in the CLI options,
and in interactive mode, the installer prompts for the PIN.
The issue happens when the keys are not protected by any PIN, the installer
does not accept an empty string and keeps on asking for a PIN.

The fix makes sure that the installer accepts an empty PIN. A similar fix
was done for ipa-server-install in
https://pagure.io/freeipa/c/4ee426a68ec60370eee6f5aec917ecce444840c7

Fixes:
https://pagure.io/freeipa/issue/7274

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
---
 ipaserver/install/server/replicainstall.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 42c723b57699340d7dfa67f581ab7d4d4fdcf551..396d6089449225cc83aa28552a2009b9057e65ab 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1057,7 +1057,7 @@ def promote_check(installer):
         if options.http_pin is None:
             options.http_pin = installutils.read_password(
                 "Enter Apache Server private key unlock",
-                confirm=False, validate=False)
+                confirm=False, validate=False, retry=False)
             if options.http_pin is None:
                 raise ScriptError(
                     "Apache Server private key unlock password required")
@@ -1073,7 +1073,7 @@ def promote_check(installer):
         if options.dirsrv_pin is None:
             options.dirsrv_pin = installutils.read_password(
                 "Enter Directory Server private key unlock",
-                confirm=False, validate=False)
+                confirm=False, validate=False, retry=False)
             if options.dirsrv_pin is None:
                 raise ScriptError(
                     "Directory Server private key unlock password required")
@@ -1089,7 +1089,7 @@ def promote_check(installer):
         if options.pkinit_pin is None:
             options.pkinit_pin = installutils.read_password(
                 "Enter Kerberos KDC private key unlock",
-                confirm=False, validate=False)
+                confirm=False, validate=False, retry=False)
             if options.pkinit_pin is None:
                 raise ScriptError(
                     "Kerberos KDC private key unlock password required")
-- 
2.17.1

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation