server certinstall: update KDC master entry

After the KDC certificate is installed, add the PKINIT enabled flag to the
KDC master entry.

https://pagure.io/freeipa/issue/7000

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Jan Cholasta 2017-06-05 12:35:52 +00:00 committed by Martin Babinsky
parent 8ef4888af7
commit e131905f3e


@ -34,7 +34,7 @@ from ipapython.certdb import (get_ca_nickname,
verify_kdc_cert_validity)
from ipapython.dn import DN
from ipalib import api, errors
from ipaserver.install import certs, dsinstance, installutils
from ipaserver.install import certs, dsinstance, installutils, krbinstance
class ServerCertInstall(admintool.AdminTool):
@ -223,6 +223,13 @@ class ServerCertInstall(admintool.AdminTool):
except RuntimeError as e:
raise admintool.ScriptError(str(e))
krb = krbinstance.KrbInstance()
krb.init_info(
realm_name=api.env.realm,
host_name=api.env.host,
)
krb.pkinit_enable()
def check_chain(self, pkcs12_filename, pkcs12_pin, nssdb):
# create a temp nssdb
with NSSDatabase() as tempnssdb:
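Review bot: The new `krb.pkinit_enable()` call sits after the `try`/`except RuntimeError` block, so a failure while updating the KDC master entry is not converted to `admintool.ScriptError` and, judging by the visible order, would surface only after the certificate has already been installed. That would leave the KDC with a new certificate but a master entry that does not carry the PKINIT enabled flag, and the operator would get a traceback rather than a message naming the step that failed. Consider wrapping the call, e.g. `except errors.PublicError as e:` followed by `raise admintool.ScriptError("KDC certificate installed, but enabling PKINIT failed: %s" % e)`, assuming the update raises ipalib errors, which is not visible here. The enclosing method starts outside the hunk, so whether the certificate was checked with `verify_kdc_cert_validity` before this point cannot be confirmed from these lines.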