[Ovirt-devel] [PATCH] remove ovirtadmin keytab

Steve Linabery slinabery at redhat.com
Mon Aug 18 20:38:28 UTC 2008


On Mon, Aug 18, 2008 at 10:15:28PM +0200, Alan Pevec wrote:
> ipa-getkeytab randomizes the password, so it wasn't possible to
> login as ovirtadmin using browser basic auth
> ---
>  wui-appliance/wui-devel.ks    |    5 +----
>  wui/scripts/ovirt-wui-install |    6 ++----
>  2 files changed, 3 insertions(+), 8 deletions(-)
> 
> diff --git a/wui-appliance/wui-devel.ks b/wui-appliance/wui-devel.ks
> index 5729b60..66927be 100644
> --- a/wui-appliance/wui-devel.ks
> +++ b/wui-appliance/wui-devel.ks
> @@ -45,7 +45,6 @@ principal=ovirtadmin
>  realm=PRIV.OVIRT.ORG
>  password=ovirt
>  cron_file=/etc/cron.hourly/ovirtadmin.cron
> -ktab_file=/usr/share/ovirt-wui/ovirtadmin.tab
>  
>  # automatically refresh the kerberos ticket every hour (we'll create the
>  # principal on first-boot)
> @@ -53,7 +52,7 @@ cat > $cron_file << EOF
>  #!/bin/bash
>  export PATH=/usr/kerberos/bin:$PATH
>  kdestroy
> -kinit -k -t $ktab_file $principal@$realm
> +echo $password | kinit $principal@$realm
>  EOF
>  chmod 755 $cron_file
>  
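
Review bot: the cleartext password ends up in a world-readable file, because the added "echo $password | kinit $principal@$realm" line sits inside the unquoted "<< EOF" heredoc: $password is expanded when the kickstart writes $cron_file, and the next line sets that file to mode 755. If the keytab has to go, change the chmod to 700 so only root can read the script, or have the cron job read the password from a root-only file instead of embedding it. Note also that kdestroy still runs before kinit, so a failed kinit leaves the host without a ticket until the next hourly run.
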
> @@ -128,7 +127,6 @@ sed -e "s, at cron_file@,$cron_file," \
>      -e "s, at principal@,$principal," \
>      -e "s, at realm@,$realm," \
>      -e "s, at password@,$password,g" \
> -    -e "s, at ktab_file@,$ktab_file," \
>     > $first_run_file << \EOF
>  #!/bin/bash
>  #
> @@ -175,7 +173,6 @@ LDAP
>  	# make ovitadmin also an IPA admin
>  	ipa-modgroup -a ovirtadmin admins
>  	ipa-moduser --setattr krbPasswordExpiration=19700101000000Z @principal@
> -	ipa-getkeytab -s management.priv.ovirt.org -p @principal@ -k @ktab_file@
>  	@cron_file@
>  
>  	) > /var/log/ovirt-wui-dev-first-run.log 2>&1
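
Review bot: once the ipa-getkeytab line is removed from this first-run block, the account that "ipa-modgroup -a ovirtadmin admins" places in the IPA admins group is protected only by the fixed "password=ovirt" set near the top of wui-devel.ks. Please add a comment next to the ipa-modgroup line stating that this is acceptable for the developer appliance only, so the block is not copied into a non-devel kickstart with the same password.
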
> diff --git a/wui/scripts/ovirt-wui-install b/wui/scripts/ovirt-wui-install
> index c39364c..8580134 100755
> --- a/wui/scripts/ovirt-wui-install
> +++ b/wui/scripts/ovirt-wui-install
> @@ -189,10 +189,8 @@ mkdir -p log
>  rake db:migrate
>  cd -
>  
> -if [ -f ${OVIRT_DIR}/ovirtadmin.tab ]; then
> -    ${OVIRT_DIR}/script/grant_admin_privileges ovirtadmin
> -    [ $? != 0 ] && echo "Failed to grant ovirtadmin privileges" && exit 1
> -fi
> +${OVIRT_DIR}/script/grant_admin_privileges ovirtadmin
> +[ $? != 0 ] && echo "Failed to grant ovirtadmin privileges" && exit 1
>  
>  ovirt-add-host $(hostname) ${OVIRT_DIR}/ovirt.keytab
>  
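
Review bot: grant_admin_privileges now runs on every ovirt-wui-install, and a failure aborts the install through "exit 1", because the "if [ -f ${OVIRT_DIR}/ovirtadmin.tab ]" guard is removed without a replacement. The old file test limited the grant to systems where the keytab had been created. If that restriction was intended, replace it with another condition rather than dropping it; if not, say in the commit message that the grant is now unconditional. As a style point, "if ! ${OVIRT_DIR}/script/grant_admin_privileges ovirtadmin; then ... fi" is clearer than testing $? on the following line.
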
> -- 
> 1.5.4.1
> 

OK, this one *really* works for me. ACK. I see no other instance of the string "ovirtadmin.tab" in the source tree.



