IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Retrieve the CA certificate before starting enrollment.

Browse Source 
We need the CA certificate so we can use SSL when binding with a
one-time password (bulk enrollment)
This commit is contained in:
Rob Crittenden 2010-06-11 11:02:29 -04:00
parent ebab635250
commit 4ca95a0cbf
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ipa-client/ipa-install/ipa-client-install
View File

@ -539,6 +539,15 @@ def main():
if options.principal is None and options.password is None and options.prompt_password is False: if options.principal is None and options.password is None and options.prompt_password is False:
options.principal = user_input("Principal", allow_empty=False) options.principal = user_input("Principal", allow_empty=False)
# Get the CA certificate
try:
# Remove anything already there so that wget doesn't use its
# too-clever renaming feature
os.remove("/etc/ipa/ca.crt")
except:
pass
run(["/usr/bin/wget", "-O", "/etc/ipa/ca.crt", "http://%s/ipa/config/ca.crt" % cli_server])
if not options.on_master: if not options.on_master:
# First test out the kerberos configuration # First test out the kerberos configuration
try: try:
@ -621,8 +630,6 @@ def main():
return 1 return 1
print "Configured /etc/ldap.conf" print "Configured /etc/ldap.conf"
# Get the CA certificate
run(["/usr/bin/wget", "-O", "/etc/ipa/ca.crt", "http://%s/ipa/config/ca.crt" % cli_server])
# Add the CA to the default NSS database and trust it # Add the CA to the default NSS database and trust it
run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])