From c1b49645c22b91aff51a29e715e29c5df7a0892a Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Thu, 11 May 2017 07:40:40 +0000 Subject: [PATCH] replica install: respect --pkinit-cert-file When --pkinit-cert-file is used, make sure the certificate and key is actually passed to `KrbInstance`. https://pagure.io/freeipa/issue/6831 Reviewed-By: Stanislav Laznicka Reviewed-By: Martin Babinsky --- ipaserver/install/server/replicainstall.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 6f71f0b51812943fea3fb1c576a0174c739a070b..b30133ffa22d410452ae04624d49db209175bed9 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -113,12 +113,13 @@ def install_replica_ds(config, options, ca_is_configured, remote_api, return ds -def install_krb(config, setup_pkinit=False, promote=False): +def install_krb(config, setup_pkinit=False, pkcs12_info=None, promote=False): krb = krbinstance.KrbInstance() # pkinit files - pkcs12_info = make_pkcs12_info(config.dir, "pkinitcert.p12", - "pkinit_pin.txt") + if pkcs12_info is None: + pkcs12_info = make_pkcs12_info(config.dir, "pkinitcert.p12", + "pkinit_pin.txt") krb.create_replica(config.realm_name, config.master_host_name, config.host_name, @@ -1350,6 +1351,7 @@ def install(installer): cafile = installer._ca_file dirsrv_pkcs12_info = installer._dirsrv_pkcs12_info http_pkcs12_info = installer._http_pkcs12_info + pkinit_pkcs12_info = installer._pkinit_pkcs12_info remote_api = installer._remote_api conn = remote_api.Backend.ldap2 @@ -1430,6 +1432,7 @@ def install(installer): krb = install_krb( config, setup_pkinit=not options.no_pkinit, + pkcs12_info=pkinit_pkcs12_info, promote=promote) # we now need to enable ssl on the ds -- 2.9.4