[Ovirt-devel] [PATCH] remove ovirtadmin keytab
Alan Pevec
apevec at redhat.com
Mon Aug 18 10:15:13 UTC 2008
ipa-getkeytab randomizes the password, so it wasn't possible to
login as ovirtadmin using browser basic auth
---
wui-appliance/wui-devel.ks | 5 +----
1 files changed, 1 insertions(+), 4 deletions(-)
diff --git a/wui-appliance/wui-devel.ks b/wui-appliance/wui-devel.ks
index 5729b60..66927be 100644
--- a/wui-appliance/wui-devel.ks
+++ b/wui-appliance/wui-devel.ks
@@ -45,7 +45,6 @@ principal=ovirtadmin
realm=PRIV.OVIRT.ORG
password=ovirt
cron_file=/etc/cron.hourly/ovirtadmin.cron
-ktab_file=/usr/share/ovirt-wui/ovirtadmin.tab
# automatically refresh the kerberos ticket every hour (we'll create the
# principal on first-boot)
@@ -53,7 +52,7 @@ cat > $cron_file << EOF
#!/bin/bash
export PATH=/usr/kerberos/bin:$PATH
kdestroy
-kinit -k -t $ktab_file $principal@$realm
+echo $password | kinit $principal@$realm
EOF
chmod 755 $cron_file
@@ -128,7 +127,6 @@ sed -e "s, at cron_file@,$cron_file," \
-e "s, at principal@,$principal," \
-e "s, at realm@,$realm," \
-e "s, at password@,$password,g" \
- -e "s, at ktab_file@,$ktab_file," \
> $first_run_file << \EOF
#!/bin/bash
#
@@ -175,7 +173,6 @@ LDAP
# make ovitadmin also an IPA admin
ipa-modgroup -a ovirtadmin admins
ipa-moduser --setattr krbPasswordExpiration=19700101000000Z @principal@
- ipa-getkeytab -s management.priv.ovirt.org -p @principal@ -k @ktab_file@
@cron_file@
) > /var/log/ovirt-wui-dev-first-run.log 2>&1
--
1.5.4.1
More information about the ovirt-devel
mailing list