CAless installation: set the perms on KDC cert file

In CA less installation, the KDC certificate file does not have
the expected 644 permissions. As a consequence, WebUI login
fails.

The fix makes sure that the KDC cert file is saved with 644 perms.

Fixes: https://pagure.io/freeipa/issue/8440
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Florence Blanc-Renaud 2020-08-03 18:52:07 +02:00 committed by Rob Crittenden
parent 0a3c98d236
commit 9335bd9299

View File

@ -536,6 +536,8 @@ class KrbInstance(service.Service):
certs.install_pem_from_p12(self.pkcs12_info[0],
self.pkcs12_info[1],
paths.KDC_CERT)
# The KDC cert needs to be readable by everyone
os.chmod(paths.KDC_CERT, 0o644)
certs.install_key_from_p12(self.pkcs12_info[0],
self.pkcs12_info[1],
paths.KDC_KEY)