IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

smart-card-advises: ensure that krb5-pkinit is installed on client

Browse Source 
This library is a prerequisite for successful Smart Card authentication
on the client. The client-side advise should make sure this dependency
is present.

https://pagure.io/freeipa/issue/7036

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Martin Babinsky
2017-06-28 09:49:18 +02:00
committed by Martin Basti
parent e0cf7090f3
commit 53c5c0ad7b
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ipaserver/advise/plugins/smart_card_auth.py
View File

@@ -256,6 +256,7 @@ class config_client_for_smart_card_auth(common_smart_card_auth_config):
self.check_ccache_not_empty() self.check_ccache_not_empty()
self.check_and_remove_pam_pkcs11() self.check_and_remove_pam_pkcs11()
self.install_opensc_and_dconf_packages() self.install_opensc_and_dconf_packages()
self.install_krb5_client_dependencies()
self.start_enable_smartcard_daemon() self.start_enable_smartcard_daemon()
self.add_pkcs11_module_to_systemwide_db() self.add_pkcs11_module_to_systemwide_db()
self.upload_smartcard_ca_certificates_to_systemwide_db() self.upload_smartcard_ca_certificates_to_systemwide_db()
@@ -281,6 +282,12 @@ class config_client_for_smart_card_auth(common_smart_card_auth_config):
['Could not install OpenSC package'] ['Could not install OpenSC package']
) )
def install_krb5_client_dependencies(self):
self.log.exit_on_failed_command(
'yum install -y krb5-pkinit-openssl',
['Failed to install Kerberos client PKINIT extensions.']
)
def start_enable_smartcard_daemon(self): def start_enable_smartcard_daemon(self):
self.log.command( self.log.command(
'systemctl start {service} {socket} ' 'systemctl start {service} {socket} '