mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Add pki_pin only when needed
If both the pki-tomcat NSS database and its password.conf have been created, don't try to override the password.conf file. https://pagure.io/freeipa/issue/6839 Reviewed-By: Tomas Krizek <tkrizek@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
committed by
Tomas Krizek
parent
6c2772dde5
commit
1aa77fe389
@@ -541,9 +541,13 @@ class CAInstance(DogtagInstance):
|
|||||||
# CA key algorithm
|
# CA key algorithm
|
||||||
config.set("CA", "pki_ca_signing_key_algorithm", self.ca_signing_algorithm)
|
config.set("CA", "pki_ca_signing_key_algorithm", self.ca_signing_algorithm)
|
||||||
|
|
||||||
# generate pin which we know can be used for FIPS NSS database
|
if not (os.path.isdir(paths.PKI_TOMCAT_ALIAS_DIR) and
|
||||||
pki_pin = ipautil.ipa_generate_password()
|
os.path.isfile(paths.PKI_TOMCAT_PASSWORD_CONF)):
|
||||||
config.set("CA", "pki_pin", pki_pin)
|
# generate pin which we know can be used for FIPS NSS database
|
||||||
|
pki_pin = ipautil.ipa_generate_password()
|
||||||
|
config.set("CA", "pki_pin", pki_pin)
|
||||||
|
else:
|
||||||
|
pki_pin = None
|
||||||
|
|
||||||
if self.clone:
|
if self.clone:
|
||||||
|
|
||||||
|
@@ -235,9 +235,13 @@ class KRAInstance(DogtagInstance):
|
|||||||
"KRA", "pki_share_dbuser_dn",
|
"KRA", "pki_share_dbuser_dn",
|
||||||
str(DN(('uid', 'pkidbuser'), ('ou', 'people'), ('o', 'ipaca'))))
|
str(DN(('uid', 'pkidbuser'), ('ou', 'people'), ('o', 'ipaca'))))
|
||||||
|
|
||||||
# generate pin which we know can be used for FIPS NSS database
|
if not (os.path.isdir(paths.PKI_TOMCAT_ALIAS_DIR) and
|
||||||
pki_pin = ipautil.ipa_generate_password()
|
os.path.isfile(paths.PKI_TOMCAT_PASSWORD_CONF)):
|
||||||
config.set("KRA", "pki_pin", pki_pin)
|
# generate pin which we know can be used for FIPS NSS database
|
||||||
|
pki_pin = ipautil.ipa_generate_password()
|
||||||
|
config.set("KRA", "pki_pin", pki_pin)
|
||||||
|
else:
|
||||||
|
pki_pin = None
|
||||||
|
|
||||||
_p12_tmpfile_handle, p12_tmpfile_name = tempfile.mkstemp(dir=paths.TMP)
|
_p12_tmpfile_handle, p12_tmpfile_name = tempfile.mkstemp(dir=paths.TMP)
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user