search

larrabee / freeipa-password-reset

Self-service password reset app for FreeIPA
GNU General Public License v3.0
88 stars 30 forks source link

.keytab is not executing #30

Closed fsadoon closed 4 years ago

fsadoon commented 4 years ago

hi again, the ldap-passwd-reset.keytab isn't renewing the tickets manually,

i believe some cron job is calling it to renew tickets but i can not find that job shall i create something like :

* */2 * * * /usr/bin/kinit ldap-passwd-reset@ipa.local -k -t /opt/data/IPAPasswordReset/ldap-passwd-reset.keytab ?

fsadoon commented 4 years ago

one more thing ! what do you mean by CSRF key? is it my SSH Key ?

larrabee commented 4 years ago

Hello.

  1. Keytab file renewed on request. You can find renew code here: pwdmanager.py#L53
  2. No, CSRF key is random string. You should genare it by openssl openssl rand -base64 64 or use another tool or write a lot of random symbols.
fsadoon commented 4 years ago

thanks a lot ! then no harm of having a cron script runs that every 1 day