[Ovirt-devel] [PATCH] remove ovirtadmin keytab

Alan Pevec apevec at redhat.com
Mon Aug 18 20:15:28 UTC 2008


ipa-getkeytab randomizes the password, so it wasn't possible to
log in as ovirtadmin using browser basic auth
---
 wui-appliance/wui-devel.ks    |    5 +----
 wui/scripts/ovirt-wui-install |    6 ++----
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/wui-appliance/wui-devel.ks b/wui-appliance/wui-devel.ks
index 5729b60..66927be 100644
--- a/wui-appliance/wui-devel.ks
+++ b/wui-appliance/wui-devel.ks
@@ -45,7 +45,6 @@ principal=ovirtadmin
 realm=PRIV.OVIRT.ORG
 password=ovirt
 cron_file=/etc/cron.hourly/ovirtadmin.cron
-ktab_file=/usr/share/ovirt-wui/ovirtadmin.tab
 
 # automatically refresh the kerberos ticket every hour (we'll create the
 # principal on first-boot)
@@ -53,7 +52,7 @@ cat > $cron_file << EOF
 #!/bin/bash
 export PATH=/usr/kerberos/bin:$PATH
 kdestroy
-kinit -k -t $ktab_file $principal@$realm
+echo $password | kinit $principal@$realm
 EOF
 chmod 755 $cron_file
 
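Review bot: The added line `echo $password | kinit $principal@$realm` sits in an unquoted here-document, so the cleartext password is expanded into the generated cron script, and the unchanged `chmod 755 $cron_file` below it leaves that script readable by every local account. The keytab-based line it replaces put only a file path into the script. Tightening the mode to `chmod 700 $cron_file` keeps the credential to the file's owner, and `printf '%s\n' "$password" | kinit "$principal@$realm"` avoids echo's option handling and word splitting on the expanded values. The fixed `password=ovirt` in this developer kickstart limits the exposure, but the same pattern would leak a real secret if the value were ever changed.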
@@ -128,7 +127,6 @@ sed -e "s, at cron_file@,$cron_file," \
     -e "s, at principal@,$principal," \
     -e "s, at realm@,$realm," \
     -e "s, at password@,$password,g" \
-    -e "s, at ktab_file@,$ktab_file," \
    > $first_run_file << \EOF
 #!/bin/bash
 #
@@ -175,7 +173,6 @@ LDAP
 	# make ovitadmin also an IPA admin
 	ipa-modgroup -a ovirtadmin admins
 	ipa-moduser --setattr krbPasswordExpiration=19700101000000Z @principal@
-	ipa-getkeytab -s management.priv.ovirt.org -p @principal@ -k @ktab_file@
 	@cron_file@
 
 	) > /var/log/ovirt-wui-dev-first-run.log 2>&1
diff --git a/wui/scripts/ovirt-wui-install b/wui/scripts/ovirt-wui-install
index c39364c..8580134 100755
--- a/wui/scripts/ovirt-wui-install
+++ b/wui/scripts/ovirt-wui-install
@@ -189,10 +189,8 @@ mkdir -p log
 rake db:migrate
 cd -
 
-if [ -f ${OVIRT_DIR}/ovirtadmin.tab ]; then
-    ${OVIRT_DIR}/script/grant_admin_privileges ovirtadmin
-    [ $? != 0 ] && echo "Failed to grant ovirtadmin privileges" && exit 1
-fi
+${OVIRT_DIR}/script/grant_admin_privileges ovirtadmin
+[ $? != 0 ] && echo "Failed to grant ovirtadmin privileges" && exit 1
 
 ovirt-add-host $(hostname) ${OVIRT_DIR}/ovirt.keytab
 
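Review bot: With the `if [ -f ${OVIRT_DIR}/ovirtadmin.tab ]` guard removed, `grant_admin_privileges ovirtadmin` runs on every ovirt-wui-install, not only where the developer kickstart had created the keytab. If that file test was what limited the grant to the developer appliance (an inference, since wui-devel.ks is the only creator of the keytab visible in this patch), other installs now give admin rights to whoever holds the ovirtadmin principal, and abort when the grant script fails. Consider moving the grant into the wui-devel.ks first-run script or gating it on an explicit marker, with a comment such as `# developer appliance only: ovirtadmin uses a fixed, published password`. Separately, `if ! "${OVIRT_DIR}/script/grant_admin_privileges" ovirtadmin; then` with the failure message sent to stderr reads more clearly than the `[ $? != 0 ] && echo … && exit 1` chain.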
-- 
1.5.4.1



