Issue #5136: trust-fetch-domains: Do not chown keytab to the sssd user - freeipa

freeipa

#5136 trust-fetch-domains: Do not chown keytab to the sssd user

Closed: Fixed None Opened 8 years ago by tbabej.

Currently, in the com.redhat.idm.trust-fetch-domains, we chown the retrieved keytab to the sssd user:

    # Make sure SSSD is able to read the keytab
    sssd = pwd.getpwnam('sssd')
    os.chown(oneway_keytab_name, sssd[2], sssd[3])

However, if sssd user does not exist, sssd is not running under the sssd user (and therefore cannot access the keytab). We should use root:root in such case.

tbabej commented 8 years ago

master:

c6a1bd5 oddjob: avoid chown keytab to sssd if sssd user does not exist

ipa-4-2:

d7f91dc oddjob: avoid chown keytab to sssd if sssd user does not exist

jcholast commented 8 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1246132

Metadata Update from @tbabej:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.2.1

7 years ago

Metadata

Assignee

someone

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.2.1

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1246132

tester

None

changelog

None

design

None

freeipa

Source Code

#5136 trust-fetch-domains: Do not chown keytab to the sssd user Closed: Fixed None Opened 8 years ago by tbabej.

Metadata

#5136 trust-fetch-domains: Do not chown keytab to the sssd user

Closed: Fixed None Opened 8 years ago by tbabej.