search

yast / yast-auth-server

GNU General Public License v2.0
5 stars 9 forks source link

Password file for KDC not generated by YaST #62

Open ersaxp opened 4 years ago

ersaxp commented 4 years ago

File new_krb_inst.rb

Line 182:

Make common and KDC configuration files

This has to occur the PW files else the default realm is not known

to the pwstash command below.

pass_file_path = '/var/lib/kerberos/krb5kdc/ldap.creds'

Line 196:

Create password file for KDC

MITKerberos.append_to_log('Generating KRBADM/KDC Passwords to %s' % pass_file_path)
out, ok = MITKerberos.save_password_into_file(kdc_dn, kdc_pass, pass_file_path)
MITKerberos.append_to_log('%s' % out)
if !ok
  Popup.Error(_('Failed to create password file! Log output may be found in /var/log/YaST/y2log'))
  UI.ReplaceWidget(Id(:busy), Empty())
  return
end
out, ok = MITKerberos.save_password_into_file(admin_dn, admin_pass, pass_file_path)
MITKerberos.append_to_log('%s' % out)
if !ok
  Popup.Error(_('Failed to create password file! Log output may be found in /var/log/YaST/y2log'))
  UI.ReplaceWidget(Id(:busy), Empty())
  return
end

Upon completion of the YaST script, I have a running krb5kdc service and a running kadmind service, but no password file in the location mentioned in the above script. I don't know if this will be a problem without further testing.

ancorgs commented 3 years ago

Since the yast2-auth-server package is developed and maintained by the Samba Team at SUSE, instead of the core YaST Team, I'm adding the "other-maintainer" label to this in order to help filtering the various list of issues.