mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Generate master password from Simo.
parent
7ce4df7038
commit
67cddce4d4
@ -23,6 +23,8 @@ import string
|
||||
import tempfile
|
||||
import logging
|
||||
import subprocess
|
||||
from random import Random
|
||||
from time import gmtime
|
||||
import os
|
||||
import stat
|
||||
import socket
|
||||
@ -331,3 +333,13 @@ def parse_generalized_time(timestr):
|
||||
except ValueError:
|
||||
return None
|
||||
|
||||
|
||||
def ipa_generate_password():
|
||||
rndpwd = ''
|
||||
r = Random()
|
||||
r.seed(gmtime())
|
||||
for x in range(12):
|
||||
# rndpwd += chr(r.randint(32,126))
|
||||
rndpwd += chr(r.randint(65,90)) #stricter set for testing
|
||||
return rndpwd
|
||||
|
||||
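Review bot: `ipa_generate_password()` seeds a non-cryptographic `Random` with `gmtime()`, so each password is determined by the wall-clock second at which it is generated, and the "stricter set for testing" line restricts it to 12 uppercase letters. This commit makes that value the Kerberos master password in the installer's `main()` and the `kdc_password` in `KrbInstance`; because every call reseeds from the clock, two calls that fall within the same second would return the same string. Draw from the OS CSPRNG instead: import `SystemRandom` from `random`, use `r = SystemRandom()`, and drop the `r.seed(gmtime())` line. The A–Z restriction should be widened before this is used outside testing, and a docstring should state the length and alphabet so callers know how strong the secret is.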
|
@ -232,17 +232,6 @@ def read_dm_password():
|
||||
dm_password = read_password("Directory Manager")
|
||||
return dm_password
|
||||
|
||||
def read_master_password():
|
||||
print "The Kerberos database is usually encrypted using a master password."
|
||||
print "Please store this password offline in a secure place."
|
||||
print "It may be necessary in a recovery situation or to install a replica."
|
||||
print "Without the master password the encrypted material can't be used by the KDC."
|
||||
print "If the master password is lost all kerberos related secrets will also be lost."
|
||||
print ""
|
||||
#TODO: provide the option of generating a random password
|
||||
master_password = read_password("Kerberos master")
|
||||
return master_password
|
||||
|
||||
def read_admin_password():
|
||||
print "The IPA server requires an administrative user, named 'admin'."
|
||||
print "This user is a regular system account used for IPA server administration."
|
||||
@ -381,7 +370,7 @@ def main():
|
||||
dm_password = options.dm_password
|
||||
|
||||
if not options.master_password:
|
||||
master_password = read_master_password()
|
||||
master_password = ipa_generate_password()
|
||||
else:
|
||||
master_password = options.master_password
|
||||
|
||||
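Review bot: With `read_master_password()` removed, the branch `master_password = ipa_generate_password()` creates the master password without the operator ever seeing it, and the deleted prompts were the only place that told them to store it offline for recovery or replica installation. Nothing in this hunk prints or persists the generated value. `main()` continues outside the hunk, so that may happen later; if it does not, the only way to know the password is to supply it up front through the option behind `options.master_password`. Consider displaying the generated value once on the terminal together with the removed storage guidance, keeping it out of the log, and marking the branch with a comment such as `# generated master password: show to the admin once, never log`.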
|
@ -26,8 +26,6 @@ import logging
|
||||
import fileinput
|
||||
import re
|
||||
import sys
|
||||
from random import Random
|
||||
from time import gmtime
|
||||
import os
|
||||
import pwd
|
||||
import socket
|
||||
@ -54,15 +52,6 @@ def host_to_domain(fqdn):
|
||||
s = fqdn.split(".")
|
||||
return ".".join(s[1:])
|
||||
|
||||
def generate_kdc_password():
|
||||
rndpwd = ''
|
||||
r = Random()
|
||||
r.seed(gmtime())
|
||||
for x in range(12):
|
||||
# rndpwd += chr(r.randint(32,126))
|
||||
rndpwd += chr(r.randint(65,90)) #stricter set for testing
|
||||
return rndpwd
|
||||
|
||||
def ldap_mod(fd, dn, pwd):
|
||||
args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name]
|
||||
run(args)
|
||||
@ -101,7 +90,7 @@ class KrbInstance(service.Service):
|
||||
self.ip = socket.gethostbyname(host_name)
|
||||
self.domain = host_to_domain(host_name)
|
||||
self.suffix = realm_to_suffix(self.realm)
|
||||
self.kdc_password = generate_kdc_password()
|
||||
self.kdc_password = ipa_generate_password()
|
||||
self.admin_password = admin_password
|
||||
|
||||
self.__setup_sub_dict()
|
||||
|
@ -51,9 +51,9 @@ DefaultUserContainer = "cn=users,cn=accounts"
|
||||
DefaultGroupContainer = "cn=groups,cn=accounts"
|
||||
|
||||
# FIXME: need to check the ipadebug option in ipa.conf
|
||||
logging.basicConfig(level=logging.DEBUG,
|
||||
format='%(asctime)s %(levelname)s %(message)s',
|
||||
stream=sys.stderr)
|
||||
#logging.basicConfig(level=logging.DEBUG,
|
||||
# format='%(asctime)s %(levelname)s %(message)s',
|
||||
# stream=sys.stderr)
|
||||
|
||||
#
|
||||
# Apache runs in multi-process mode so each process will have its own
|
||||
|
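Review bot: The `logging.basicConfig(...)` call is disabled by commenting it out, which leaves dead code under the `FIXME` and is not mentioned in the commit message. Dropping unconditional DEBUG output to stderr is a sensible default, but it would read better to delete the three lines or to gate them on the `ipadebug` setting the FIXME refers to. If the block stays, a one-line comment such as `# debug logging disabled until the ipadebug option in ipa.conf is honoured` would explain why.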