use a constant instead of /var/lib/sss/keytabs

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Alexander Bokovoy
2021-01-22 17:29:15 +02:00
committed by Rob Crittenden
parent ae7cd4702d
commit 54e5ffc000
3 changed files with 7 additions and 4 deletions


@@ -178,7 +178,9 @@ api.Backend.ldap2.connect(ccache_name)
# Retrieve own NetBIOS name and trusted forest's name. # Retrieve own NetBIOS name and trusted forest's name.
# We use script's input to retrieve the trusted forest's name to sanitize input # We use script's input to retrieve the trusted forest's name to sanitize input
# for file-level access as we might need to wipe out keytab in /var/lib/sss/keytabs # for file-level access as we might need to wipe out keytab in
# paths.SSSD_KEYTABS_DIR
own_trust_dn = DN( own_trust_dn = DN(
("cn", api.env.domain), ("cn", "ad"), ("cn", "etc"), api.env.basedn ("cn", api.env.domain), ("cn", "ad"), ("cn", "etc"), api.env.basedn
) )
@@ -200,7 +202,7 @@ rc = 0
# to take precedence. # to take precedence.
with ipautil.private_krb5_config(trusted_domain, options.server) as cfg_file: with ipautil.private_krb5_config(trusted_domain, options.server) as cfg_file:
if not (options.admin and options.password): if not (options.admin and options.password):
oneway_keytab_name = os.path.join("/var/lib/sss/keytabs/", oneway_keytab_name = os.path.join(paths.SSSD_KEYTABS_DIR,
trusted_domain + ".keytab") trusted_domain + ".keytab")
oneway_principal = str( oneway_principal = str(
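Review bot: The join in the second hunk, `os.path.join(paths.SSSD_KEYTABS_DIR, trusted_domain + ".keytab")`, is only as safe as `trusted_domain`: `os.path.join` discards the base directory when the second component is absolute and does not collapse `..`, and the first hunk's comment says the resulting keytab may be wiped. That comment states the forest name is retrieved via the script's input in order to sanitize it, but the lookup itself lies outside both hunks, so the guarantee cannot be confirmed from here. I would state the invariant where the path is built, for example `# trusted_domain is the name read back from the directory, not raw script input; it must stay a single path component`. No import line is visible in either hunk, so `paths` is presumably already imported in this script; worth a quick check.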


@@ -346,6 +346,7 @@ class BasePathNamespace:
SSSD_PUBCONF_DIR = "/var/lib/sss/pubconf" SSSD_PUBCONF_DIR = "/var/lib/sss/pubconf"
SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts" SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts"
SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/" SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
SSSD_KEYTABS_DIR = "/var/lib/sss/keytabs"
VAR_LOG_AUDIT = "/var/log/audit/audit.log" VAR_LOG_AUDIT = "/var/log/audit/audit.log"
VAR_LOG_HTTPD_DIR = "/var/log/httpd" VAR_LOG_HTTPD_DIR = "/var/log/httpd"
VAR_LOG_HTTPD_ERROR = "/var/log/httpd/error_log" VAR_LOG_HTTPD_ERROR = "/var/log/httpd/error_log"


@@ -1018,8 +1018,8 @@ def uninstall_master(host, ignore_topology_disconnect=True,
paths.IPA_RENEWAL_LOCK, paths.IPA_RENEWAL_LOCK,
paths.REPLICA_INFO_GPG_TEMPLATE % host.hostname], paths.REPLICA_INFO_GPG_TEMPLATE % host.hostname],
raiseonerr=False) raiseonerr=False)
host.run_command("find /var/lib/sss/keytabs -name '*.keytab' | " host.run_command("find %s -name '*.keytab' | "
"xargs rm -fv", raiseonerr=False) "xargs rm -fv" % paths.SSSD_KEYTABS_DIR, raiseonerr=False)
host.run_command("find /run/ipa -name 'krb5*' | xargs rm -fv", host.run_command("find /run/ipa -name 'krb5*' | xargs rm -fv",
raiseonerr=False) raiseonerr=False)
if clean: if clean:
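Review bot: The new `find` call %-formats the path into a shell pipeline string, which relies on adjacent-literal concatenation being applied before `%` and leaves the path unquoted for the remote shell. The value is a fixed platform constant, so this is a readability and robustness point rather than an injection risk today. The preceding call in this hunk appears to pass an argv list already, and the same form works here without the pipe: `host.run_command(["find", paths.SSSD_KEYTABS_DIR, "-name", "*.keytab", "-print", "-delete"], raiseonerr=False)`. The untouched `/run/ipa` cleanup just below uses the same pipeline pattern, and `uninstall_master` starts before and continues after the hunk.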