diff --git a/freeipa.spec.in b/freeipa.spec.in
old mode 100644
new mode 100755
index 5d89c5cec..bedf0fb4d
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -956,6 +956,8 @@ if [ $1 -gt 1 ] ; then
 cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/kdc-ca-bundle.pem
 cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/ca-bundle.pem
 fi
+
+ %{__python3} -c 'from ipaclient.install.client import configure_krb5_snippet; configure_krb5_snippet()' >>/var/log/ipaupgrade.log 2>&1
 fi
 if [ $restore -ge 2 ]; then
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 1e88ba1d4..37f31c8aa 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -597,13 +597,9 @@ def hardcode_ldap_server(cli_server):
 "hardcoded server name: %s", cli_server[0])
-def configure_krb5_conf(
- cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
- filename, client_domain, client_hostname, force=False,
- configure_sssd=True):
-
- # First, write a snippet to krb5.conf.d. Currently this doesn't support
- # templating, but that could be changed in the future.
+# Currently this doesn't support templating, but that could be changed in the
+# future. Note that this function is also called from %post.
+def configure_krb5_snippet():
 template = os.path.join(
 paths.USR_SHARE_IPA_CLIENT_DIR,
 os.path.basename(paths.KRB5_FREEIPA) + ".template"
@@ -611,6 +607,16 @@ def configure_krb5_conf(
 shutil.copy(template, paths.KRB5_FREEIPA)
 os.chmod(paths.KRB5_FREEIPA, 0o644)
+ tasks.restore_context(paths.KRB5_FREEIPA)
+
+
+def configure_krb5_conf(
+ cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
+ filename, client_domain, client_hostname, force=False,
+ configure_sssd=True):
+ # First, write a snippet to krb5.conf.d.
+ configure_krb5_snippet()
+
 # Then, perform the rest of our configuration into krb5.conf itself.
 krbconf = IPAChangeConf("IPA Installer")
 krbconf.setOptionAssignment((" = ", " "))
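Review bot: The added `%{__python3} -c '...'` line runs as root from the scriptlet with Python's default import path, which for `-c` includes the current working directory and honours `PYTHONPATH` and the user site directory, so `ipaclient` could resolve to something other than the packaged module if the transaction's environment is unusual. Isolated mode closes that off: `%{__python3} -I -c 'from ipaclient.install.client import configure_krb5_snippet; configure_krb5_snippet()' >>/var/log/ipaupgrade.log 2>&1`. A failure here only leaves a traceback in `/var/log/ipaupgrade.log` while the scriptlet carries on, so it is worth deciding whether a missing snippet should be surfaced more loudly. The enclosing `if` blocks open outside the hunk, so it cannot be confirmed from here that the call is limited to configured clients. The file header also flips `freeipa.spec.in` to mode 100755, which nothing in this hunk appears to need.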
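Review bot: `configure_krb5_snippet()` in the `-597,13 +597,9` hunk is documented only by a comment placed above the `def`, so the note that the RPM scriptlet also calls it never shows up in `help()` and is easy to lose when the function moves. A docstring as the first line of the body would carry it better, for example `"""Copy the krb5.conf.d snippet template into place; also run from the RPM %post scriptlet, so it must stay callable with no arguments."""`, with the templating remark kept as a short comment. The function body continues past the end of this hunk.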