Make sure we don't keep around old keys.

Fixes problem changing passwords seen only on servers where re-installations where performed (and old secrets piled up)
2025-02-25 18:55:28 -06:00 · 2007-12-11 12:25:58 -05:00
parent 3defaaf7ba
commit 01131e2a37
1 changed files with 5 additions and 0 deletions
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -383,6 +383,11 @@ class KrbInstance(service.Service):

    def __export_kadmin_changepw_keytab(self):
        self.step("exporting the kadmin keytab")
+        try:
+            if file_exists("/var/kerberos/krb5kdc/kpasswd.keytab"):
+                os.remove("/var/kerberos/krb5kdc/kpasswd.keytab")
+        except os.error:
+            logging.critical("Failed to remove /var/kerberos/krb5kdc/kpasswd.keytab.")
        (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
        kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
        kwrite.flush()