mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
CAless installation: set the perms on KDC cert file
In CA less installation, the KDC certificate file does not have the expected 644 permissions. As a consequence, WebUI login fails. The fix makes sure that the KDC cert file is saved with 644 perms. Fixes: https://pagure.io/freeipa/issue/8440 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
parent
0a3c98d236
commit
9335bd9299
@ -536,6 +536,8 @@ class KrbInstance(service.Service):
|
||||
certs.install_pem_from_p12(self.pkcs12_info[0],
|
||||
self.pkcs12_info[1],
|
||||
paths.KDC_CERT)
|
||||
# The KDC cert needs to be readable by everyone
|
||||
os.chmod(paths.KDC_CERT, 0o644)
|
||||
certs.install_key_from_p12(self.pkcs12_info[0],
|
||||
self.pkcs12_info[1],
|
||||
paths.KDC_KEY)
|
||||
|
Loading…
Reference in New Issue
Block a user