Create kadm5.acl if it doesn't exist

kadmind doesn't start without it, and Debian doesn't ship it by default. Fixes: https://pagure.io/freeipa/issue/7553 Reviewed-By: Stanislav Laznicka <[email protected]> Reviewed-By: Christian Heimes <[email protected]>
anodos325 · May 29, 2018 · 0030118 · 0030118
1 parent 172df67
commit 0030118
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
@@ -299,6 +299,11 @@ def __setup_sub_dict(self):
             logger.debug("Persistent keyring CCACHE is not enabled")
             self.sub_dict['OTHER_LIBDEFAULTS'] = ''
 
+        # Create kadm5.acl if it doesn't exist
+        if not os.path.exists(paths.KRB5KDC_KADM5_ACL):
+            open(paths.KRB5KDC_KADM5_ACL, 'a').close()
+            os.chmod(paths.KRB5KDC_KADM5_ACL, 0o600)
+
     def __add_krb_container(self):
         self._ldap_mod("kerberos.ldif", self.sub_dict)