-
Notifications
You must be signed in to change notification settings - Fork 27
/
host.py
42 lines (32 loc) · 1.13 KB
/
host.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
#
import gssapi
import logging
import os
import tempfile
from ipahealthcheck.ipa.plugin import IPAPlugin, registry
from ipahealthcheck.core.plugin import Result, duration
from ipahealthcheck.core import constants
from ipalib import api
from ipalib.install.kinit import kinit_keytab
from ipaplatform.paths import paths
from ipapython import ipautil
logger = logging.getLogger()
@registry
class IPAHostKeytab(IPAPlugin):
"""Ensure the host keytab can get a TGT"""
requires = ('krb5kdc',)
@duration
def check(self):
ccache_dir = tempfile.mkdtemp()
ccache_name = os.path.join(ccache_dir, 'ccache')
try:
try:
host_princ = str('host/%s@%s' % (api.env.host, api.env.realm))
kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_name)
except gssapi.exceptions.GSSError as e:
yield Result(self, constants.ERROR,
msg='Failed to obtain host TGT: %s' % e)
finally:
ipautil.remove_file(ccache_name)
os.rmdir(ccache_dir)