From f6cac267e99c6f47ca6b78568182a82d48a6bb4c Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 31 May 2017 14:14:34 +0200 Subject: [PATCH] kdc.key should not be visible to all While the world certainly is interested in our privates, we should not just go ahead and show it to them. https://pagure.io/freeipa/issue/6973 Reviewed-By: Martin Babinsky Reviewed-By: Alexander Bokovoy --- ipalib/install/certmonger.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ipalib/install/certmonger.py b/ipalib/install/certmonger.py index ad031a738f4397d230ed131bde6ac7ddb7ef6fdb..c286996ee2318e241b4af190d1a01f42e28aa9f3 100644 --- a/ipalib/install/certmonger.py +++ b/ipalib/install/certmonger.py @@ -370,8 +370,8 @@ def request_cert( request_parameters['cert-postsave-command'] = post_command if perms: - request_parameters['key-perms'] = perms[0] - request_parameters['cert-perms'] = perms[1] + request_parameters['cert-perms'] = perms[0] + request_parameters['key-perms'] = perms[1] result = cm.obj_if.add_request(request_parameters) try: -- 2.9.4