Generate master password from Simo.

Karl MacMillan 0001-01-01 00:00:00 +00:00
parent 7ce4df7038
commit 67cddce4d4
4 changed files with 17 additions and 27 deletions


@ -23,6 +23,8 @@ import string
import tempfile
import logging
import subprocess
from random import Random
from time import gmtime
import os
import stat
import socket
@ -331,3 +333,13 @@ def parse_generalized_time(timestr):
except ValueError:
return None
def ipa_generate_password():
rndpwd = ''
r = Random()
r.seed(gmtime())
for x in range(12):
# rndpwd += chr(r.randint(32,126))
rndpwd += chr(r.randint(65,90)) #stricter set for testing
return rndpwd
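Review bot: ipa_generate_password() seeds random.Random with gmtime(), so the 12-character value is fully determined by the install time at one-second resolution, and two calls made within the same second return the same string. That matters because this function now supplies both the Kerberos master password and the KDC password (see the call-site hunks in the other two files). Draw from the OS entropy source instead: `from random import SystemRandom` and `r = SystemRandom()`, dropping `r.seed(gmtime())` and the gmtime import. The alphabet is also limited to A–Z by the line marked `#stricter set for testing`; the commented-out `r.randint(32,126)` range, or an explicit set such as `string.ascii_letters + string.digits`, should be restored before the output is used for real secrets.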


@ -232,17 +232,6 @@ def read_dm_password():
dm_password = read_password("Directory Manager")
return dm_password
def read_master_password():
print "The Kerberos database is usually encrypted using a master password."
print "Please store this password offline in a secure place."
print "It may be necessary in a recovery situation or to install a replica."
print "Without the master password the encrypted material can't be used by the KDC."
print "If the master password is lost all kerberos related secrets will also be lost."
print ""
#TODO: provide the option of generating a random password
master_password = read_password("Kerberos master")
return master_password
def read_admin_password():
print "The IPA server requires an administrative user, named 'admin'."
print "This user is a regular system account used for IPA server administration."
@ -381,7 +370,7 @@ def main():
dm_password = options.dm_password
if not options.master_password:
master_password = read_master_password()
master_password = ipa_generate_password()
else:
master_password = options.master_password
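Review bot: In main(), when options.master_password is not set the master password now comes from ipa_generate_password(), and nothing in this hunk tells the operator what value was chosen. The prompt text deleted with read_master_password() stated that this password may be needed in a recovery situation or to install a replica, so the installer should either report the generated value to the operator once or document where it is persisted; main() continues outside the hunk, so this may already be handled there. No hunk in this file, or in the file that replaces generate_kdc_password(), imports ipa_generate_password, so confirm the name is in scope at both call sites.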


@ -26,8 +26,6 @@ import logging
import fileinput
import re
import sys
from random import Random
from time import gmtime
import os
import pwd
import socket
@ -54,15 +52,6 @@ def host_to_domain(fqdn):
s = fqdn.split(".")
return ".".join(s[1:])
def generate_kdc_password():
rndpwd = ''
r = Random()
r.seed(gmtime())
for x in range(12):
# rndpwd += chr(r.randint(32,126))
rndpwd += chr(r.randint(65,90)) #stricter set for testing
return rndpwd
def ldap_mod(fd, dn, pwd):
args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name]
run(args)
@ -101,7 +90,7 @@ class KrbInstance(service.Service):
self.ip = socket.gethostbyname(host_name)
self.domain = host_to_domain(host_name)
self.suffix = realm_to_suffix(self.realm)
self.kdc_password = generate_kdc_password()
self.kdc_password = ipa_generate_password()
self.admin_password = admin_password
self.__setup_sub_dict()


@ -51,9 +51,9 @@ DefaultUserContainer = "cn=users,cn=accounts"
DefaultGroupContainer = "cn=groups,cn=accounts"
# FIXME: need to check the ipadebug option in ipa.conf
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(levelname)s %(message)s',
stream=sys.stderr)
#logging.basicConfig(level=logging.DEBUG,
# format='%(asctime)s %(levelname)s %(message)s',
# stream=sys.stderr)
#
# Apache runs in multi-process mode so each process will have its own
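Review bot: The logging.basicConfig call is commented out rather than removed, and the change is unrelated to the password generation named in the commit title. If the intent is to stop forcing DEBUG output to stderr, delete the three lines and resolve the `# FIXME: need to check the ipadebug option in ipa.conf` above them in a separate commit. As it stands, nothing visible in this hunk configures logging for the module, so where its messages end up depends on code outside the hunk.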