IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-23 07:33:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-kra-install: exit if ca_host is overriden

Browse Source 
ipa-kra-install should exit if ca_host line is present
in /etc/ipa/default.conf, as it may lead to a misconfigured
setup.

Fixes: https://pagure.io/freeipa/issue/8245
Signed-off-by: Antonio Torres <antorres@redhat.com>
Reviewed-By: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Antonio Torres 2021-03-05 13:48:50 +01:00
parent 8a4a338c09
commit 718099af5b
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ipaserver/install/kra.py
View File

@ -53,6 +53,11 @@ def install_check(api, replica_config, options):
"KRA is not installed on the master system. Please use "
"'ipa-kra-install' command to install the first instance.")
if api.env.ca_host is not None and api.env.ca_host != api.env.host:
raise RuntimeError(
"KRA can not be installed when 'ca_host' is overriden in "
"IPA configuration file.")
def install(api, replica_config, options, custodia):
if replica_config is None: