mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 07:33:27 -06:00
Don't move KRA keys when key backup is disabled
The KRA_BACKUP_KEYS_P12 file is not enabled when pki_backup_keys is set to False. This is the case IPA is configured with HSM support. With an HSM you don't export private keys. Related: https://pagure.io/freeipa/issue/7677 Related: https://pagure.io/freeipa/issue/9273 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
This commit is contained in:
parent
73d52a6135
commit
e3234708ac
@ -234,7 +234,10 @@ class KRAInstance(DogtagInstance):
|
||||
os.remove(cfg_file)
|
||||
os.remove(admin_p12_file)
|
||||
|
||||
shutil.move(paths.KRA_BACKUP_KEYS_P12, paths.KRACERT_P12)
|
||||
if config.getboolean(
|
||||
self.subsystem, 'pki_backup_keys', fallback=True
|
||||
):
|
||||
shutil.move(paths.KRA_BACKUP_KEYS_P12, paths.KRACERT_P12)
|
||||
logger.debug("completed creating KRA instance")
|
||||
|
||||
def __create_kra_agent(self):
|
||||
|
Loading…
Reference in New Issue
Block a user