Use private ccache in ipa install tools

All installers that handle Kerberos auth, have been altered to use private ccache, that is ipa-server-install, ipa-dns-install, ipa-replica-install, ipa-ca-install. https://fedorahosted.org/freeipa/ticket/3666
2025-02-25 18:55:28 -06:00 · 2013-06-03 12:06:06 +02:00
parent e31eea3268
commit 6f51f92138
5 changed files with 44 additions and 16 deletions
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -28,6 +28,7 @@ import shutil
 from ConfigParser import SafeConfigParser, NoOptionError
 import traceback
 import textwrap
+from contextlib import contextmanager

 from dns import resolver, rdatatype
 from dns.exception import DNSException
@@ -753,3 +754,24 @@ def check_pkcs12(pkcs12_info, ca_file, hostname):
                (pkcs12_filename, e))

        return server_cert_name
+
+
+@contextmanager
+def private_ccache():
+
+    (desc, path) = tempfile.mkstemp(prefix='krbcc')
+    os.close(desc)
+
+    original_value = os.environ.get('KRB5CCNAME', None)
+
+    os.environ['KRB5CCNAME'] = path
+
+    yield
+
+    if original_value is not None:
+        os.environ['KRB5CCNAME'] = original_value
+    else:
+        os.environ.pop('KRB5CCNAME')
+
+    if os.path.exists(path):
+        os.remove(path)