ipa-client-install: create a temporary directory for ccache files

gssapi.Credentials instantiation in ipautil.kinit_keytab() raises 'Bad format in credential cache' error when a name of an existing zero-length file is passed as a ccache parameter. Use temporary directory instead and let GSSAPI to create file-based ccache on demand. https://fedorahosted.org/freeipa/ticket/5528 Reviewed-By: Tomas Babej <tbabej@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-12-14 14:28:41 +01:00 · 2015-12-14 14:28:41 +01:00 · 5886f87f97
commit 5886f87f97
parent c4b9b295d8
1 changed files with 3 additions and 3 deletions
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@ -2578,8 +2578,8 @@ def install(options, env, fstore, statestore):
                root_logger.error("Test kerberos configuration failed")
                return CLIENT_INSTALL_ERROR
            env['KRB5_CONFIG'] = krb_name
-            (ccache_fd, ccache_name) = tempfile.mkstemp()
-            os.close(ccache_fd)
+            ccache_dir = tempfile.mkdtemp(prefix='krbcc')
+            ccache_name = os.path.join(ccache_dir, 'ccache')
            join_args = [paths.SBIN_IPA_JOIN,
                         "-s", cli_server[0],
                         "-b", str(realm_to_suffix(cli_realm)),
@ -2727,7 +2727,7 @@ def install(options, env, fstore, statestore):
            except OSError:
                root_logger.error("Could not remove %s", krb_name)
            try:
-                os.remove(ccache_name)
+                os.rmdir(ccache_dir)
            except OSError:
                pass
            try: