Update krb5.conf during ipa-adtrust-install

https://fedorahosted.org/freeipa/ticket/2515
Sumit Bose
2012-09-07 12:40:58 +02:00
committed by Rob Crittenden
parent 0d31833317
commit d0f672c131


@@ -36,8 +36,11 @@ from ipapython.ipa_log_manager import *
from ipapython import services as ipaservices from ipapython import services as ipaservices
from ipapython.dn import DN from ipapython.dn import DN
import ipaclient.ipachangeconf
import string import string
import struct import struct
import re
ALLOWED_NETBIOS_CHARS = string.ascii_uppercase + string.digits ALLOWED_NETBIOS_CHARS = string.ascii_uppercase + string.digits
@@ -100,6 +103,7 @@ class ADTRUSTInstance(service.Service):
def __init__(self, fstore=None): def __init__(self, fstore=None):
self.fqdn = None self.fqdn = None
self.ip_address = None self.ip_address = None
self.realm = None
self.domain_name = None self.domain_name = None
self.netbios_name = None self.netbios_name = None
self.no_msdcs = None self.no_msdcs = None
@@ -410,6 +414,63 @@ class ADTRUSTInstance(service.Service):
except: except:
self.print_msg(SELINUX_WARNING % dict(var=','.join(sebools))) self.print_msg(SELINUX_WARNING % dict(var=','.join(sebools)))
def __mod_krb5_conf(self):
"""
Set dns_lookup_kdc to true and master_kdc in /etc/krb5.conf
"""
if not self.fqdn or not self.realm:
self.print_msg("Cannot modify /etc/krb5.conf")
krbconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
krbconf.setOptionAssignment(" = ")
krbconf.setSectionNameDelimiters(("[", "]"))
krbconf.setSubSectionDelimiters(("{", "}"))
krbconf.setIndent(("", " ", " "))
libopts = [{'name':'dns_lookup_kdc', 'type':'option', 'action':'set',
'value':'true'}]
master_kdc = self.fqdn + ":88"
kropts = [{'name':'master_kdc', 'type':'option', 'action':'set',
'value':master_kdc}]
ropts = [{'name':self.realm, 'type':'subsection', 'action':'set',
'value':kropts}]
opts = [{'name':'libdefaults', 'type':'section', 'action':'set',
'value':libopts},
{'name':'realms', 'type':'section', 'action':'set',
'value':ropts}]
krbconf.changeConf("/etc/krb5.conf", opts)
def __update_krb5_conf(self):
"""
Update /etc/krb5.conf if needed
"""
try:
krb5conf = open("/etc/krb5.conf", 'r')
except IOError, e:
self.print_msg("Cannot open /etc/krb5.conf (%s)\n" % str(e))
return
has_dns_lookup_kdc_true = False
for line in krb5conf:
if re.match("^\s*dns_lookup_kdc\s*=\s*[Tt][Rr][Uu][Ee]\s*$", line):
has_dns_lookup_kdc_true = True
break
krb5conf.close()
if not has_dns_lookup_kdc_true:
self.__mod_krb5_conf()
else:
self.print_msg("'dns_lookup_kdc' already set to 'true', "
"nothing to do.")
def __start(self): def __start(self):
try: try:
self.start() self.start()
@@ -541,6 +602,7 @@ class ADTRUSTInstance(service.Service):
self.step("adding cifs Kerberos principal", self.__setup_principal) self.step("adding cifs Kerberos principal", self.__setup_principal)
self.step("adding admin(group) SIDs", self.__add_admin_sids) self.step("adding admin(group) SIDs", self.__add_admin_sids)
self.step("adding RID bases", self.__add_rid_bases) self.step("adding RID bases", self.__add_rid_bases)
self.step("updating Kerberos config", self.__update_krb5_conf)
self.step("activating CLDAP plugin", self.__add_cldap_module) self.step("activating CLDAP plugin", self.__add_cldap_module)
self.step("activating sidgen plugin and task", self.__add_sidgen_module) self.step("activating sidgen plugin and task", self.__add_sidgen_module)
self.step("activating extdom plugin", self.__add_extdom_module) self.step("activating extdom plugin", self.__add_extdom_module)
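Review bot: In `__mod_krb5_conf` the guard `if not self.fqdn or not self.realm:` only prints "Cannot modify /etc/krb5.conf" and, as rendered here, has no `return` after it, so execution continues into the rewrite. With `self.fqdn` still `None`, `master_kdc = self.fqdn + ":88"` raises a TypeError, and with only `self.realm` unset a `None` subsection name is passed to `changeConf("/etc/krb5.conf", opts)`; add `return` directly after the `print_msg` call. Separately, `__update_krb5_conf` skips the rewrite whenever any line in the file matches `dns_lookup_kdc = true`, without checking that it sits in `[libdefaults]`, and in that case `master_kdc` is never written. If that is intended, say so in the docstring, e.g. `Only rewrites the file when dns_lookup_kdc is not already true; master_kdc is left untouched otherwise.` The pattern should also be a raw string (`r"^\s*dns_lookup_kdc..."`), and the file handle is safer closed in a `try`/`finally` around the loop.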