4660bb7 Add custodia store for lightweight CA key replication

2 files. Authored by ftweedal 7 years ago, committed by jcholast 7 years ago.
    Add custodia store for lightweight CA key replication
    
    Due to limitations in Dogtag's use of NSSDB, importing private keys
    must be done by the Dogtag Java process itself.  This requires a
    PKIArchiveOptions format (signing key wrapped with host CA key) -
    PKCS #12 cannot be used because that would require decrypting the
    key in Dogtag's memory, albeit temporarily.
    
    Add a new custodia store that executes a 'pki' command to acquire
    the wrapped key.
    
    Part of: https://fedorahosted.org/freeipa/ticket/4559
    
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
    
        
file modified: +1 -0
file modified: +56 -0