mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Better system keytab checking for client
parent
c5a0b34b0a
commit
216af460cf
@ -138,7 +138,9 @@ def certidude_request(fork, renew):
|
|||||||
endpoint_revocations_path = "/var/lib/certidude/%s/ca_crl.pem" % authority
|
endpoint_revocations_path = "/var/lib/certidude/%s/ca_crl.pem" % authority
|
||||||
# TODO: Create directories automatically
|
# TODO: Create directories automatically
|
||||||
|
|
||||||
|
system_keytab_required = False
|
||||||
if clients.get(authority, "trigger") == "domain joined":
|
if clients.get(authority, "trigger") == "domain joined":
|
||||||
|
system_keytab_required = True
|
||||||
if not os.path.exists("/etc/krb5.keytab"):
|
if not os.path.exists("/etc/krb5.keytab"):
|
||||||
continue
|
continue
|
||||||
elif clients.get(authority, "trigger") != "interface up":
|
elif clients.get(authority, "trigger") != "interface up":
|
||||||
@ -173,6 +175,7 @@ def certidude_request(fork, renew):
|
|||||||
try:
|
try:
|
||||||
certidude_request_certificate(
|
certidude_request_certificate(
|
||||||
authority,
|
authority,
|
||||||
|
system_keytab_required,
|
||||||
endpoint_key_path,
|
endpoint_key_path,
|
||||||
endpoint_request_path,
|
endpoint_request_path,
|
||||||
endpoint_certificate_path,
|
endpoint_certificate_path,
|
||||||
|
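Review bot: The `domain joined` branch skips the authority with a bare `continue` when `/etc/krb5.keytab` is absent, so a host that has not completed its domain join is passed over with no trace and an operator cannot tell why no certificate was requested. A log line before the `continue` naming the authority and the missing keytab would make this visible, together with a comment such as `# No system keytab yet, skip this authority`. The test is also existence-only and runs here, while the keytab is consumed later inside `certidude_request_certificate`, so an unreadable or since-removed keytab will presumably surface as a failure there and that path should report it clearly. The body of `certidude_request` extends beyond both hunks.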
@ -26,7 +26,7 @@ def selinux_fixup(path):
|
|||||||
cmd = "chcon", "--type=home_cert_t", path
|
cmd = "chcon", "--type=home_cert_t", path
|
||||||
subprocess.call(cmd)
|
subprocess.call(cmd)
|
||||||
|
|
||||||
def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, renew=False, insecure=False):
|
def certidude_request_certificate(server, system_keytab_required, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, renew=False, insecure=False):
|
||||||
"""
|
"""
|
||||||
Exchange CSR for certificate using Certidude HTTP API server
|
Exchange CSR for certificate using Certidude HTTP API server
|
||||||
"""
|
"""
|
||||||
@ -189,7 +189,7 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
|
|||||||
return
|
return
|
||||||
|
|
||||||
# If machine is joined to domain attempt to present machine credentials for authentication
|
# If machine is joined to domain attempt to present machine credentials for authentication
|
||||||
if os.path.exists("/etc/krb5.keytab"):
|
if system_keytab_required:
|
||||||
os.environ["KRB5CCNAME"]="/tmp/ca.ticket"
|
os.environ["KRB5CCNAME"]="/tmp/ca.ticket"
|
||||||
# If Samba configuration exists assume NetBIOS name was used in keytab
|
# If Samba configuration exists assume NetBIOS name was used in keytab
|
||||||
if os.path.exists("/etc/samba/smb.conf"):
|
if os.path.exists("/etc/samba/smb.conf"):
|
||||||
|
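Review bot: The Kerberos credential cache is still pinned to the fixed path `/tmp/ca.ticket` on the line directly under the new `if system_keytab_required:` test. Because `/tmp` is shared and world-writable, another local user could pre-create or replace that file, and the machine ticket's confidentiality then depends on whatever mode the file ends up with. Pointing `KRB5CCNAME` at a private location closes this, for example `os.environ["KRB5CCNAME"] = os.path.join(tempfile.mkdtemp(prefix="certidude-"), "ca.ticket")` (stdlib `tempfile`, directory created mode 0700), with the directory removed once the request finishes. Separately, `system_keytab_required` is inserted as the second positional parameter with no default, so any call site not updated in this commit would either raise or bind its arguments to the wrong parameters; appending it as `system_keytab_required=False` after the existing keyword arguments would keep older callers working. The function body starts and ends outside these hunks.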