IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

First working version

Browse Source
This commit is contained in:
Simo Sorce
2007-06-29 11:30:10 -04:00
parent 820479471e
commit 26feac8e08
3 changed files with 25 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ipa-install/README
View File

@@ -1,5 +1,16 @@
Required packages: Required packages:
krb5-server krb5-server
fedora-ds-base fedora-ds-base
openldap-clients openldap-clients
krb5-server-ldap
Installation example:
cd ipa-install
make install
cd ..
/usr/sbin/ipa-server-install -r FREEIPA.ORG -a rc1.freeipa.org -p freeipa -m ipafree

4
ipa-install/src/ipa/dsinstance.py
View File

@@ -40,7 +40,7 @@ def generate_serverid():
def realm_to_suffix(realm_name): def realm_to_suffix(realm_name):
s = realm_name.split(".") s = realm_name.split(".")
terms = ["dc=" + x for x in s] terms = ["dc=" + x.lower() for x in s]
return ",".join(terms) return ",".join(terms)
def template_str(txt, vars): def template_str(txt, vars):
@@ -93,7 +93,7 @@ class DsInstance:
def create_instance(self, realm_name, host_name, admin_password): def create_instance(self, realm_name, host_name, admin_password):
self.serverid = generate_serverid() self.serverid = generate_serverid()
self.realm_name = realm_name self.realm_name = realm_name.upper()
self.host_name = host_name self.host_name = host_name
self.admin_password = admin_password self.admin_password = admin_password
self.__setup_sub_dict() self.__setup_sub_dict()

21
ipa-install/src/ipa/krbinstance.py
View File

@@ -30,7 +30,7 @@ SHARE_DIR = "/usr/share/ipa/"
def realm_to_suffix(realm_name): def realm_to_suffix(realm_name):
s = realm_name.split(".") s = realm_name.split(".")
terms = ["dc=" + x for x in s] terms = ["dc=" + x.lower() for x in s]
return ",".join(terms) return ",".join(terms)
def generate_kdc_password(): def generate_kdc_password():
@@ -38,7 +38,8 @@ def generate_kdc_password():
r = Random() r = Random()
r.seed(gmtime()) r.seed(gmtime())
for x in range(12): for x in range(12):
rndpwd += chr(r.randint(32,126)) # rndpwd += chr(r.randint(32,126))
rndpwd += chr(r.randint(65,90)) #stricter set for testing
return rndpwd return rndpwd
def template_str(txt, vars): def template_str(txt, vars):
@@ -82,18 +83,21 @@ class KrbInstance:
self.sub_dict = None self.sub_dict = None
def create_instance(self, realm_name, host_name, admin_password, master_password): def create_instance(self, realm_name, host_name, admin_password, master_password):
self.realm_name = realm_name self.realm_name = realm_name.upper()
self.host_name = host_name self.host_name = host_name
self.admin_password = admin_password self.admin_password = admin_password
self.master_password = master_password self.master_password = master_password
self.suffix = realm_to_suffix(self.realm_name) self.suffix = realm_to_suffix(self.realm_name)
self.kdc_password = generate_kdc_password() self.kdc_password = generate_kdc_password()
self.__configure_kdc_account_password()
self.__setup_sub_dict() self.__setup_sub_dict()
self.__configure_ldap() self.__configure_ldap()
self.__create_instance() self.__create_instance()
self.start() self.start()
def stop(self): def stop(self):
@@ -111,12 +115,15 @@ class KrbInstance:
hexpwd += (hex(ord(x))[2:]) hexpwd += (hex(ord(x))[2:])
pwd_fd = open("/var/kerberos/krb5kdc/ldappwd", "a+") pwd_fd = open("/var/kerberos/krb5kdc/ldappwd", "a+")
pwd_fd.write("uid=kdc,cn=kerberos,"+self.suffix+"#{HEX}"+hexpwd+"\n") pwd_fd.write("uid=kdc,cn=kerberos,"+self.suffix+"#{HEX}"+hexpwd+"\n")
pwd_fd.write("#test:"+self.kdc_password+"\n")
pwd_fd.close() pwd_fd.close()
def __setup_sub_dict(self): def __setup_sub_dict(self):
#FIXME: can DOMAIN be different than REALM ?
self.sub_dict = dict(FQHN=self.host_name, self.sub_dict = dict(FQHN=self.host_name,
PASSWORD=self.kdc_password, PASSWORD=self.kdc_password,
SUFFIX=self.suffix, SUFFIX=self.suffix,
DOMAIN= self.realm_name.lower(),
REALM=self.realm_name) REALM=self.realm_name)
def __configure_ldap(self): def __configure_ldap(self):
@@ -125,17 +132,13 @@ class KrbInstance:
kerberos_txt = template_file(SHARE_DIR + "kerberos.ldif", self.sub_dict) kerberos_txt = template_file(SHARE_DIR + "kerberos.ldif", self.sub_dict)
kerberos_fd = write_tmp_file(kerberos_txt) kerberos_fd = write_tmp_file(kerberos_txt)
ldap_mod(kerberos_fd, "cn=Directory Manager", self.admin_password) ldap_mod(kerberos_fd, "cn=Directory Manager", self.admin_password)
name = kerberos_fd.name
kerberos_fd.close() kerberos_fd.close()
os.unlink(name)
#Change the default ACL to avoid anonimous access to kerberos keys and othe hashes #Change the default ACL to avoid anonimous access to kerberos keys and othe hashes
aci_txt = template_file(SHARE_DIR + "default_aci.ldif", self.sub_dict) aci_txt = template_file(SHARE_DIR + "default-aci.ldif", self.sub_dict)
aci_fd = write_tmp_file(aci_txt) aci_fd = write_tmp_file(aci_txt)
ldap_mod(aci_fd, "cn=Directory Manager", self.admin_password) ldap_mod(aci_fd, "cn=Directory Manager", self.admin_password)
name = aci_fd.name
aci_fd.close() aci_fd.close()
os.unlink(name)
def __create_instance(self): def __create_instance(self):
kdc_conf = template_file(SHARE_DIR+"kdc.conf.template", self.sub_dict) kdc_conf = template_file(SHARE_DIR+"kdc.conf.template", self.sub_dict)
@@ -149,5 +152,5 @@ class KrbInstance:
krb5_fd.close() krb5_fd.close()
#populate the directory with the realm structure #populate the directory with the realm structure
args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=kerberos,"+self.suffix, "create", "-s", "-r", self.realm_name, "-subtrees", self.suffix, "-sscope", "sub"] args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=kerberos,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-r", self.realm_name, "-subtrees", self.suffix, "-sscope", "sub"]
run(args) run(args)