Force combined keytab ownership

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2026-04-27 20:12:54 +08:00 · 2016-12-20 05:26:30 +00:00
parent a3203b9950
commit 0464676294
1 changed files with 8 additions and 0 deletions
--- a/playbooks/groups/ipa.yml
+++ b/playbooks/groups/ipa.yml
@@ -60,6 +60,14 @@
    tags:
    - krb5
    - ipa/server
+  - name: Set owner and permissions on combined keytab
+    file: path="/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined"
+          owner=apache
+          group=apache
+          mode=0600
+    tags:
+    - krb5
+    - ipa/server
  # original: /etc/httpd/conf/ipa.keytab
  - name: Make IPA HTTP use the combined keytab
    lineinfile: dest=/etc/httpd/conf.d/ipa.conf