Merge.

ipa-server/ipa-gui/ipagui/subcontrollers/principal.py

@@ -125,28 +125,6 @@ class PrincipalController(IPAController):
 
         return dict(principals=principals, hostname=hostname, fields=ipagui.forms.principal.PrincipalFields())
 
-    @expose()
-    @identity.require(identity.not_anonymous())
-    def show(self, **kw):
-        """Returns the keytab for a given principal"""
-        client = self.get_ipaclient()
-
-        principal = kw.get('principal')
-        if principal != None and len(principal) > 0:
-            try:
-                p = principal.split('@')
-                keytab = client.get_keytab(p[0].encode('utf-8'))
-
-                cherrypy.response.headers['Content-Type'] = "application/x-download"
-                cherrypy.response.headers['Content-Disposition'] = 'attachment; filename=krb5.keytab'
-                cherrypy.response.headers['Content-Length'] = len(keytab)
-                cherrypy.response.body = keytab
-                return cherrypy.response.body
-            except ipaerror.IPAError, e:
-                turbogears.flash("keytab retrieval failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
-                raise turbogears.redirect("/principal/list")
-        raise turbogears.redirect("/principal/list")
-
     @validate(form=principal_new_form)
     @identity.require(identity.not_anonymous())
     def principalcreatevalidate(self, tg_errors=None, **kw):

ipa-server/ipa-gui/ipagui/templates/principallist.kid

@@ -16,14 +16,6 @@
         <script type="text/javascript">
             document.getElementById("hostname").focus();
         </script>
-        <script type="text/javascript">
-            function confirmDownload() {
-              if (confirm("Are you sure you want to download this principal? It will reset the secret, invalidating any existing keytabs")) {
-                return true;
-              }
-              return false;
-            }
-        </script>
     </div>
     <div py:if='(principals != None) and (len(principals) > 0)'>
         <h2>${len(principals)} results returned:</h2>
@@ -41,8 +33,7 @@
           <tbody>
             <tr py:for="principal in principals">
                 <td>
-                    <a href="${tg.url('/principal/show',principal=principal.krbprincipalname)}" onclick="return confirmDownload();"
+                    ${principal.hostname}
-                    >${principal.hostname}</a>
                 </td>
                 <td>
                     ${principal.service}

ipa-server/xmlrpc-server/funcs.py

@@ -1785,39 +1785,6 @@ class IPAServer:
 
         return entries
 
-    def get_keytab(self, name, opts=None):
-        """Return a keytab for an existing service principal. Note that
-           this increments the secret thus invalidating any older keys."""
-        if not name:
-            raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER)
-
-        princ_name = name + "@" + self.realm
-
-        conn = self.getConnection(opts)
-
-        if conn.principal != "admin@" + self.realm:
-            raise ipaerror.gen_exception(ipaerror.CONNECTION_GSSAPI_CREDENTIALS)
-
-        try:
-            try:
-                princs = conn.getList(self.basedn, self.scope, "krbprincipalname=" + princ_name, None)
-            except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
-                return None
-        finally:
-            self.releaseConnection(conn)
-
-
-        # This is ugly - call out to a C wrapper around kadmin.local
-        p = subprocess.Popen(["/usr/sbin/ipa-keytab-util", princ_name, self.realm],
-                             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-        stdout,stderr = p.communicate()
-
-        if p.returncode != 0:
-            return None
-
-        return stdout
-        
-        
 
 # Configuration support
     def get_ipa_config(self, opts=None):