[Ovirt-devel] [PATCH] remove ovirtadmin keytab
Steve Linabery
slinabery at redhat.com
Mon Aug 18 20:38:28 UTC 2008
On Mon, Aug 18, 2008 at 10:15:28PM +0200, Alan Pevec wrote:
> ipa-getkeytab randomizes the password, so it wasn't possible to
> login as ovirtadmin using browser basic auth
> ---
> wui-appliance/wui-devel.ks | 5 +----
> wui/scripts/ovirt-wui-install | 6 ++----
> 2 files changed, 3 insertions(+), 8 deletions(-)
>
> diff --git a/wui-appliance/wui-devel.ks b/wui-appliance/wui-devel.ks
> index 5729b60..66927be 100644
> --- a/wui-appliance/wui-devel.ks
> +++ b/wui-appliance/wui-devel.ks
> @@ -45,7 +45,6 @@ principal=ovirtadmin
> realm=PRIV.OVIRT.ORG
> password=ovirt
> cron_file=/etc/cron.hourly/ovirtadmin.cron
> -ktab_file=/usr/share/ovirt-wui/ovirtadmin.tab
>
> # automatically refresh the kerberos ticket every hour (we'll create the
> # principal on first-boot)
> @@ -53,7 +52,7 @@ cat > $cron_file << EOF
> #!/bin/bash
> export PATH=/usr/kerberos/bin:$PATH
> kdestroy
> -kinit -k -t $ktab_file $principal@$realm
> +echo $password | kinit $principal@$realm
> EOF
> chmod 755 $cron_file
>
> @@ -128,7 +127,6 @@ sed -e "s, at cron_file@,$cron_file," \
> -e "s, at principal@,$principal," \
> -e "s, at realm@,$realm," \
> -e "s, at password@,$password,g" \
> - -e "s, at ktab_file@,$ktab_file," \
> > $first_run_file << \EOF
> #!/bin/bash
> #
> @@ -175,7 +173,6 @@ LDAP
> # make ovitadmin also an IPA admin
> ipa-modgroup -a ovirtadmin admins
> ipa-moduser --setattr krbPasswordExpiration=19700101000000Z @principal@
> - ipa-getkeytab -s management.priv.ovirt.org -p @principal@ -k @ktab_file@
> @cron_file@
>
> ) > /var/log/ovirt-wui-dev-first-run.log 2>&1
> diff --git a/wui/scripts/ovirt-wui-install b/wui/scripts/ovirt-wui-install
> index c39364c..8580134 100755
> --- a/wui/scripts/ovirt-wui-install
> +++ b/wui/scripts/ovirt-wui-install
> @@ -189,10 +189,8 @@ mkdir -p log
> rake db:migrate
> cd -
>
> -if [ -f ${OVIRT_DIR}/ovirtadmin.tab ]; then
> - ${OVIRT_DIR}/script/grant_admin_privileges ovirtadmin
> - [ $? != 0 ] && echo "Failed to grant ovirtadmin privileges" && exit 1
> -fi
> +${OVIRT_DIR}/script/grant_admin_privileges ovirtadmin
> +[ $? != 0 ] && echo "Failed to grant ovirtadmin privileges" && exit 1
>
> ovirt-add-host $(hostname) ${OVIRT_DIR}/ovirt.keytab
>
> --
> 1.5.4.1
>
> _______________________________________________
> Ovirt-devel mailing list
> Ovirt-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/ovirt-devel
OK, this one *really* works for me. ACK. I see no other instance of the string "ovirtadmin.tab" in the source tree.
More information about the ovirt-devel
mailing list