Create kadm5.acl if it doesn't exist

kadmind doesn't start without it, and Debian doesn't ship it by default. Fixes: https://pagure.io/freeipa/issue/7553 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-05-21 13:24:03 +03:00 · 2018-05-21 13:24:03 +03:00 · 0030118ddc
commit 0030118ddc
parent 172df673dd
1 changed files with 5 additions and 0 deletions
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@ -299,6 +299,11 @@ class KrbInstance(service.Service):
            logger.debug("Persistent keyring CCACHE is not enabled")
            self.sub_dict['OTHER_LIBDEFAULTS'] = ''

+        # Create kadm5.acl if it doesn't exist
+        if not os.path.exists(paths.KRB5KDC_KADM5_ACL):
+            open(paths.KRB5KDC_KADM5_ACL, 'a').close()
+            os.chmod(paths.KRB5KDC_KADM5_ACL, 0o600)
+
    def __add_krb_container(self):
        self._ldap_mod("kerberos.ldif", self.sub_dict)