mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
ipa-restore must stop tracking PKINIT cert in the preparation phase
ipa-restore calls certmonger to stop tracking the PKI certs, HTTP and DS certs. It must also stop tracking the newly introduced PKINIT cert (stored in /var/kerberos/krb5kdc/kdc.crt). Otherwise the restore operation ends up with PKINIT cert tracked twice and uninstallation fails. https://fedorahosted.org/freeipa/ticket/6570 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
parent
26630db9d0
commit
ceec512b09
@ -41,7 +41,7 @@ from ipaserver.install.cainstance import create_ca_user
|
||||
from ipaserver.install.replication import (wait_for_task, ReplicationManager,
|
||||
get_cs_replication_manager)
|
||||
from ipaserver.install import installutils
|
||||
from ipaserver.install import dsinstance, httpinstance, cainstance
|
||||
from ipaserver.install import dsinstance, httpinstance, cainstance, krbinstance
|
||||
from ipapython import ipaldap
|
||||
import ipapython.errors
|
||||
from ipaplatform.constants import constants
|
||||
@ -821,6 +821,8 @@ class Restore(admintool.AdminTool):
|
||||
# When IPA is not installed, DS NSS DB does not exist
|
||||
pass
|
||||
|
||||
krbinstance.KrbInstance().stop_tracking_certs()
|
||||
|
||||
for basename in ('cert8.db', 'key3.db', 'secmod.db', 'pwdfile.txt'):
|
||||
filename = os.path.join(paths.IPA_NSSDB_DIR, basename)
|
||||
try:
|
||||
|
Loading…
Reference in New Issue
Block a user