From ce3baf28ce81458e1c5bf57188858d3d120ec3dd Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Feb 22 2017 17:50:30 +0000 Subject: httpinstance: re-use parent's methods to retrieve anonymous keytab https://fedorahosted.org/freeipa/ticket/6638 Reviewed-By: Martin Basti Reviewed-By: Alexander Bokovoy --- diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 435130b..7979ca1 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -317,12 +317,15 @@ class HTTPInstance(service.Service): parent = os.path.dirname(paths.ANON_KEYTAB) if not os.path.exists(parent): os.makedirs(parent, 0o755) + + self.clean_previous_keytab(keytab=paths.ANON_KEYTAB) self.run_getkeytab(self.api.env.ldap_uri, paths.ANON_KEYTAB, ANON_USER) pent = pwd.getpwnam(IPAAPI_USER) os.chmod(parent, 0o700) os.chown(parent, pent.pw_uid, pent.pw_gid) - os.chown(paths.ANON_KEYTAB, pent.pw_uid, pent.pw_gid) + + self.set_keytab_owner(keytab=paths.ANON_KEYTAB, owner=IPAAPI_USER) def create_password_conf(self): """