IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Make sure we don't keep around old keys.

Browse Source 
Fixes problem changing passwords seen only on servers where
re-installations where performed (and old secrets piled up)
This commit is contained in:
Simo Sorce 2007-12-11 12:25:58 -05:00
parent 75493763f6
commit 4f0b215414
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ipa-server/ipaserver/krbinstance.py
View File

@ -383,6 +383,11 @@ class KrbInstance(service.Service):
def __export_kadmin_changepw_keytab(self): def __export_kadmin_changepw_keytab(self):
self.step("exporting the kadmin keytab") self.step("exporting the kadmin keytab")
try:
if file_exists("/var/kerberos/krb5kdc/kpasswd.keytab"):
os.remove("/var/kerberos/krb5kdc/kpasswd.keytab")
except os.error:
logging.critical("Failed to remove /var/kerberos/krb5kdc/kpasswd.keytab.")
(kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local") (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
kwrite.write("modprinc +requires_preauth kadmin/changepw\n") kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
kwrite.flush() kwrite.flush()