Re: [Freeipa-devel] [PATCH 0015] use ipaplatform.paths in kdc.conf.template

2016-03-23 Thread Martin Basti



On 23.03.2016 13:14, David Kupka wrote:

On 23/03/16 00:30, Timo Aaltonen wrote:


https://fedorahosted.org/freeipa/ticket/5343




Thanks for the patch, works for me, ACK.


Pushed to:
master: b793c9049ec1bf72eb7d3395e9221b229237171b
ipa-4-3: d09b8f05fdc3dbe8a5dde3e2c529fb62ea2a503c

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [PATCH 0015] use ipaplatform.paths in kdc.conf.template

2016-03-23 Thread David Kupka

On 23/03/16 00:30, Timo Aaltonen wrote:


https://fedorahosted.org/freeipa/ticket/5343




Thanks for the patch, works for me, ACK.

--
David Kupka



[Freeipa-devel] [PATCH 0015] use ipaplatform.paths in kdc.conf.template

2016-03-22 Thread Timo Aaltonen

https://fedorahosted.org/freeipa/ticket/5343

-- 
t
From 5798e8c04e716bc6fad01c8ea87473a1859eea28 Mon Sep 17 00:00:00 2001
From: Timo Aaltonen 
Date: Wed, 23 Mar 2016 00:32:52 +0200
Subject: [PATCH] Fix kdc.conf.template to use ipaplatform.paths.

https://fedorahosted.org/freeipa/ticket/5343
---
 install/share/kdc.conf.template  | 10 +-
 ipaplatform/base/paths.py|  3 +++
 ipaserver/install/krbinstance.py |  7 ++-
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/install/share/kdc.conf.template b/install/share/kdc.conf.template
index 0a51162..296b75b 100644
--- a/install/share/kdc.conf.template
+++ b/install/share/kdc.conf.template
@@ -8,10 +8,10 @@
   master_key_type = aes256-cts
   max_life = 7d
   max_renewable_life = 14d
-  acl_file = /var/kerberos/krb5kdc/kadm5.acl
-  dict_file = /usr/share/dict/words
+  acl_file = $KRB5KDC_KADM5_ACL
+  dict_file = $DICT_WORDS
   default_principal_flags = +preauth
-;  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
-  pkinit_identity = FILE:/var/kerberos/krb5kdc/kdc.pem
-  pkinit_anchors = FILE:/var/kerberos/krb5kdc/cacert.pem
+;  admin_keytab = $KRB5KDC_KADM5_KEYTAB
+  pkinit_identity = FILE:$KDC_PEM
+  pkinit_anchors = FILE:$CACERT_PEM
  }
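Review bot: The commented-out `;  admin_keytab = $KRB5KDC_KADM5_KEYTAB` line is the only use of the new KRB5KDC_KADM5_KEYTAB name in the template, so a constant and a substitution key are carried through paths.py and krbinstance.py for a line that is commented out. Consider dropping that line from the template or leaving it as a literal path. For the active settings, acl_file, pkinit_identity and pkinit_anchors are security-sensitive, so the commit message could state that the rendered values on the base platform are unchanged from the literal paths removed here (the paths.py hunk shows the same strings).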
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 6f5806d..1b79015 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -237,10 +237,13 @@ class BasePathNamespace(object):
 SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
 IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
 UPDATES_DIR = "/usr/share/ipa/updates/"
+DICT_WORDS = "/usr/share/dict/words"
 CACHE_IPA_SESSIONS = "/var/cache/ipa/sessions"
 VAR_KERBEROS_KRB5KDC_DIR = "/var/kerberos/krb5kdc/"
 VAR_KRB5KDC_K5_REALM = "/var/kerberos/krb5kdc/.k5."
 CACERT_PEM = "/var/kerberos/krb5kdc/cacert.pem"
+KRB5KDC_KADM5_ACL = "/var/kerberos/krb5kdc/kadm5.acl"
+KRB5KDC_KADM5_KEYTAB = "/var/kerberos/krb5kdc/kadm5.keytab"
 KRB5KDC_KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf"
 KDC_PEM = "/var/kerberos/krb5kdc/kdc.pem"
 VAR_LIB = "/var/lib"
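Review bot: The new KRB5KDC_KADM5_ACL and KRB5KDC_KADM5_KEYTAB constants hard-code the "/var/kerberos/krb5kdc/" prefix again, next to VAR_KERBEROS_KRB5KDC_DIR, CACERT_PEM, KRB5KDC_KDC_CONF and KDC_PEM, so a platform that keeps its KDC files elsewhere has to override each name individually. The diffstat lists only ipaplatform/base/paths.py, so no platform-specific override is part of this patch; a note in the commit message saying which platform modules are expected to override the new names would help.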
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 03e3ed8..f560a6e 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -221,7 +221,12 @@ class KrbInstance(service.Service):
  DOMAIN=self.domain,
  HOST=self.host,
  SERVER_ID=installutils.realm_to_serverid(self.realm),
- REALM=self.realm)
+ REALM=self.realm,
+ KRB5KDC_KADM5_ACL=paths.KRB5KDC_KADM5_ACL,
+ DICT_WORDS=paths.DICT_WORDS,
+ KRB5KDC_KADM5_KEYTAB=paths.KRB5KDC_KADM5_KEYTAB,
+ KDC_PEM=paths.KDC_PEM,
+ CACERT_PEM=paths.CACERT_PEM)
 
 # IPA server/KDC is not a subdomain of default domain
 # Proper domain-realm mapping needs to be specified
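Review bot: The added keyword arguments reference `paths.KRB5KDC_KADM5_ACL` and four other `paths.*` constants, but this hunk adds no import, so please confirm `paths` is already imported in krbinstance.py. The five keys also have to be kept in step by hand with the `$` variables in kdc.conf.template; a test that renders the template with this dictionary and checks that no `$NAME` placeholder is left in the output would catch a missed key.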
-- 
2.7.3
