https://fedorahosted.org/freeipa/ticket/5343
-- t
From 5798e8c04e716bc6fad01c8ea87473a1859eea28 Mon Sep 17 00:00:00 2001
From: Timo Aaltonen <tjaal...@debian.org>
Date: Wed, 23 Mar 2016 00:32:52 +0200
Subject: [PATCH] Fix kdc.conf.template to use ipaplatform.paths.

https://fedorahosted.org/freeipa/ticket/5343
---
 install/share/kdc.conf.template | 10 +++++-----
 ipaplatform/base/paths.py | 3 +++
 ipaserver/install/krbinstance.py | 7 ++++++-
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/install/share/kdc.conf.template b/install/share/kdc.conf.template
index 0a51162..296b75b 100644
--- a/install/share/kdc.conf.template
+++ b/install/share/kdc.conf.template
@@ -8,10 +8,10 @@
 master_key_type = aes256-cts
 max_life = 7d
 max_renewable_life = 14d
- acl_file = /var/kerberos/krb5kdc/kadm5.acl
- dict_file = /usr/share/dict/words
+ acl_file = $KRB5KDC_KADM5_ACL
+ dict_file = $DICT_WORDS
 default_principal_flags = +preauth
-; admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
- pkinit_identity = FILE:/var/kerberos/krb5kdc/kdc.pem
- pkinit_anchors = FILE:/var/kerberos/krb5kdc/cacert.pem
+; admin_keytab = $KRB5KDC_KADM5_KEYTAB
+ pkinit_identity = FILE:$KDC_PEM
+ pkinit_anchors = FILE:$CACERT_PEM
 }
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 6f5806d..1b79015 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -237,10 +237,13 @@ class BasePathNamespace(object):
 SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
 IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
 UPDATES_DIR = "/usr/share/ipa/updates/"
+ DICT_WORDS = "/usr/share/dict/words"
 CACHE_IPA_SESSIONS = "/var/cache/ipa/sessions"
 VAR_KERBEROS_KRB5KDC_DIR = "/var/kerberos/krb5kdc/"
 VAR_KRB5KDC_K5_REALM = "/var/kerberos/krb5kdc/.k5."
 CACERT_PEM = "/var/kerberos/krb5kdc/cacert.pem"
+ KRB5KDC_KADM5_ACL = "/var/kerberos/krb5kdc/kadm5.acl"
+ KRB5KDC_KADM5_KEYTAB = "/var/kerberos/krb5kdc/kadm5.keytab"
 KRB5KDC_KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf"
 KDC_PEM = "/var/kerberos/krb5kdc/kdc.pem"
 VAR_LIB = "/var/lib"
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 03e3ed8..f560a6e 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -221,7 +221,12 @@ class KrbInstance(service.Service):
 DOMAIN=self.domain,
 HOST=self.host,
 SERVER_ID=installutils.realm_to_serverid(self.realm),
- REALM=self.realm)
+ REALM=self.realm,
+ KRB5KDC_KADM5_ACL=paths.KRB5KDC_KADM5_ACL,
+ DICT_WORDS=paths.DICT_WORDS,
+ KRB5KDC_KADM5_KEYTAB=paths.KRB5KDC_KADM5_KEYTAB,
+ KDC_PEM=paths.KDC_PEM,
+ CACERT_PEM=paths.CACERT_PEM)
 
 # IPA server/KDC is not a subdomain of default domain
 # Proper domain-realm mapping needs to be specified
-- 
2.7.3
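Review bot: The constants added to `BasePathNamespace` (`DICT_WORDS`, `KRB5KDC_KADM5_ACL`, `KRB5KDC_KADM5_KEYTAB`) carry no comment saying that they now decide which kadmin ACL file and password dictionary the generated kdc.conf names. The diffstat touches no platform-specific paths module, so a platform whose KDC directory is not `/var/kerberos/krb5kdc/` presumably still renders these defaults until its namespace overrides them, together with the existing `KDC_PEM` and `CACERT_PEM`. I would add next to the new `KRB5KDC_*` lines a comment such as `# Substituted into kdc.conf.template; platforms with a different krb5kdc directory must override these.` The class body starts and ends outside the hunk.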
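Review bot: Nothing in the five keys added to the `dict(...)` call records that each name has to match a `$NAME` placeholder in `install/share/kdc.conf.template` exactly. How the renderer treats an unmatched placeholder is not visible here; if it leaves it in place, kdc.conf could be written with a literal `$KDC_PEM` or `$KRB5KDC_KADM5_ACL` instead of the PKINIT and ACL paths the KDC is meant to read. A comment before `KRB5KDC_KADM5_ACL=` such as `# paths consumed by kdc.conf.template; keep names in sync with its $PLACEHOLDERS` would document the coupling, and a post-render check for a leftover `$` in the written file would catch drift. The enclosing method starts and ends outside the hunk.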