mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 08:41:55 -06:00
9c3fad9cef
When requesting certificate for KDC profile, make sure its public part is actually readable to others. Fixes https://pagure.io/freeipa/issue/6973 Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
28 lines
663 B
Python
Executable File
28 lines
663 B
Python
Executable File
#!/usr/bin/python2 -E
|
|
#
|
|
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
|
|
#
|
|
|
|
import syslog
|
|
import traceback
|
|
|
|
from ipaplatform import services
|
|
from ipaserver.install import certs
|
|
|
|
|
|
def main():
|
|
with certs.renewal_lock:
|
|
try:
|
|
if services.knownservices.krb5kdc.is_running():
|
|
syslog.syslog(syslog.LOG_NOTICE, 'restarting krb5kdc')
|
|
services.knownservices.krb5kdc.restart()
|
|
except Exception as e:
|
|
syslog.syslog(
|
|
syslog.LOG_ERR, "cannot restart krb5kdc: {}".format(e))
|
|
|
|
|
|
try:
|
|
main()
|
|
except Exception:
|
|
syslog.syslog(syslog.LOG_ERR, traceback.format_exc())
|