From f6cac267e99c6f47ca6b78568182a82d48a6bb4c Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Wed, 31 May 2017 14:14:34 +0200
Subject: [PATCH] kdc.key should not be visible to all

While the world certainly is interested in our privates, we
should not just go ahead and show it to them.

https://pagure.io/freeipa/issue/6973

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 ipalib/install/certmonger.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipalib/install/certmonger.py b/ipalib/install/certmonger.py
index ad031a738f4397d230ed131bde6ac7ddb7ef6fdb..c286996ee2318e241b4af190d1a01f42e28aa9f3 100644
--- a/ipalib/install/certmonger.py
+++ b/ipalib/install/certmonger.py
@@ -370,8 +370,8 @@ def request_cert(
         request_parameters['cert-postsave-command'] = post_command
 
     if perms:
-        request_parameters['key-perms'] = perms[0]
-        request_parameters['cert-perms'] = perms[1]
+        request_parameters['cert-perms'] = perms[0]
+        request_parameters['key-perms'] = perms[1]
 
     result = cm.obj_if.add_request(request_parameters)
     try:
-- 
2.9.4