12216fc83f
The OTP patches add basic support for TOTP and Radius. The 389-ds patch sets KRB5CCNAME in /etc/sysconfig/dirsrv so it can get a usable ccache.
From 1be93108c4c1506ea50879d645c47ab6843a6ee1 Mon Sep 17 00:00:00 2001
|
|
From: Martin Kosek <mkosek@redhat.com>
|
|
Date: Tue, 14 May 2013 18:36:50 +0200
|
|
Subject: [PATCH] Set KRB5CCNAME so that dirsrv can work with newer krb5-server
|
|
|
|
The DIR ccache format is now the default in krb5-server 1.11.2-4
|
|
but /run/user/<uid> isn't created for Apache by anything so it
|
|
has no ccache (and it doesn't have SELinux permissions to write here
|
|
either).
|
|
|
|
Use KRB5CCNAME to set a file path instead in /etc/sysconfig/dirsrv.
|
|
|
|
https://fedorahosted.org/freeipa/ticket/3628
|
|
---
|
|
install/tools/ipa-upgradeconfig | 1 +
|
|
ipaserver/install/dsinstance.py | 18 ++++++++++++++++++
|
|
2 files changed, 19 insertions(+)
|
|
|
|
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
|
|
index 8fa9b189a2dc207e2d90ab32131e65fac0f1f9e0..8e9357f20fe7c9a88908def6a2e3b2104f07d73a 100644
|
|
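--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -919,6 +919,7 @@ def main():
 http.configure_httpd_ccache()
 
 ds = dsinstance.DsInstance()
+ ds.configure_dirsrv_ccache()
 
 fix_schema_file_syntax(ds)
 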
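Review bot: The added `ds.configure_dirsrv_ccache()` call in `main()` rewrites /etc/sysconfig/dirsrv, but nothing in the visible lines restarts dirsrv afterwards, so an already running server would presumably keep its old environment until its next restart. `main()` continues outside the hunk, so a later restart may already cover this. If it does, a comment above the call would record the dependency, for example `# KRB5CCNAME is only picked up when dirsrv is next (re)started`. The call is also unguarded, so an exception raised inside the new method would propagate into the upgrade run.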
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
|
|
index e6bb054ddad4a0d91d76d4c79eb477913e8776aa..3b841417e717587675d3ac748ec02182b3e14672 100644
|
|
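--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -26,6 +26,7 @@
 import time
 import tempfile
 import base64
+import stat
 
 from ipapython.ipa_log_manager import *
 from ipapython import ipautil, sysrestore, dogtag, ipaldap
@@ -213,6 +214,7 @@ def __common_setup(self, enable_ssl=False):
 self.step("configuring certmap.conf", self.__certmap_conf)
 self.step("configure autobind for root", self.__root_autobind)
 self.step("configure new location for managed entries", self.__repoint_managed_entries)
+ self.step("configure dirsrv ccache", self.configure_dirsrv_ccache)
 self.step("restarting directory server", self.__restart_instance)
 
 def __common_post_setup(self):
@@ -515,6 +517,22 @@ def __config_lockout_module(self):
 def __repoint_managed_entries(self):
 self._ldap_mod("repoint-managed-entries.ldif", self.sub_dict)
 
+ def configure_dirsrv_ccache(self):
+ pent = pwd.getpwnam("dirsrv")
+ ccache = '/tmp/krb5cc_%d' % pent.pw_uid
+ filepath = '/etc/sysconfig/dirsrv'
+ if not os.path.exists(filepath):
+ # file doesn't exist; create it with correct ownership & mode
+ open(filepath, 'a').close()
+ os.chmod(filepath,
+ stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH)
+ os.chown(filepath, 0, 0)
+
+ replacevars = {'KRB5CCNAME': ccache}
+ old_values = ipautil.backup_config_and_replace_variables(
+ self.fstore, filepath, replacevars=replacevars)
+ ipaservices.restore_context(filepath)
+
 def __managed_entries(self):
 self._ldap_mod("managed-entries.ldif", self.sub_dict)
 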
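Review bot: In `configure_dirsrv_ccache`, KRB5CCNAME is pointed at `/tmp/krb5cc_%d`, a predictable file name in a world-writable directory, so the directory server's credential cache depends on no other local account occupying that path first. How libkrb5 handles a pre-existing file there is not visible from this patch, but at minimum it can leave dirsrv without a usable ccache. A location that only the dirsrv account can write to avoids the problem, for example `ccache = '<DIRSRV_OWNED_DIR>/krb5cc_%d' % pent.pw_uid` (placeholder directory), with the SELinux label for that location confirmed. Separately, `pwd.getpwnam("dirsrv")` raises `KeyError` when the account is missing, and `old_values` is assigned but never read. The method would also benefit from a docstring saying that it creates /etc/sysconfig/dirsrv as root-owned 0644 if absent and that the setting only applies after a dirsrv restart.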
--
|
|
1.8.1.4
|
|
|