URL: https://github.com/freeipa/freeipa/pull/450
Author: stlaz
 Title: #450: Add FIPS-token password of HTTPD NSS database
Action: opened

PR body:
"""
This change is required for httpd to function properly in FIPS mode.

https://fedorahosted.org/freeipa/ticket/5695
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/450/head:pr450
git checkout pr450
From 57e65fe8cab8580222f690f84affe1ce14d15263 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Mon, 9 Jan 2017 08:45:33 +0100
Subject: [PATCH] Add FIPS-token password of HTTPD NSS database

This change is required for httpd to function properly in FIPS

https://fedorahosted.org/freeipa/ticket/5695
---
 ipaserver/install/certs.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 80918d4..cc1cda5 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -43,6 +43,7 @@
 from ipalib.text import _
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
+from ipaplatform.tasks import tasks
 
 # Apache needs access to this database so we need to create it
 # where apache can reach
@@ -504,7 +505,11 @@ def create_password_conf(self):
         f = open(self.pwd_conf, "w")
         f.write("internal:")
         pwdfile = open(self.passwd_fname)
-        f.write(pwdfile.read())
+        password = pwdfile.read()
+        f.write(password)
+        if tasks.is_fips_enabled():
+            f.write("\nNSS FIPS 140-2 Certificate DB:")
+            f.write(password)
         f.close()
         pwdfile.close()
         self.set_perms(self.pwd_conf, uid=constants.HTTPD_USER)
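Review bot: In create_password_conf the raw result of `pwdfile.read()` is written twice with a hard-coded `"\n"` in between, so a trailing newline in the password file produces a blank line before the FIPS entry, and a file without one leaves the last entry unterminated. Normalising once with `password = pwdfile.read().rstrip("\n")` and ending each entry with `"\n"` would make the output independent of how the password file was written; whether mod_nss tolerates the blank line cannot be seen from this hunk. Separately, the file is still created by `open(self.pwd_conf, "w")` with a mode governed by the process umask, and `set_perms` runs only after the token password has been written, so creating the file with restrictive permissions before writing would close that window. Neither handle is closed if a write raises; a `with` block for both files would cover that. The beginning of the function is outside the hunk.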
-- 