freeipa

Clone
Source Code
GIT

b0d9a47 Setup lightweight CA key retrieval on install/upgrade

10 files Authored by ftweedal 7 years ago, Committed by jcholast 7 years ago,
raw patch tree parent
10 files changed. 119 lines added. 8 lines removed.
freeipa.spec.in
file modified
+4 -3
install/share/bootstrap-template.ldif
file modified
+6 -0
install/tools/Makefile.am
file modified
+1 -0
install/tools/ipa-pki-retrieve-key
file added
+32
install/updates/73-custodia.update
file modified
+5 -0
ipalib/constants.py
file modified
+1 -0
ipaserver/install/ca.py
file modified
+8 -1
ipaserver/install/cainstance.py
file modified
+56 -0
ipaserver/install/server/install.py
file modified
+3 -3
ipaserver/install/server/upgrade.py
file modified
+3 -1 
    Setup lightweight CA key retrieval on install/upgrade
    
    Add the ipa-pki-retrieve-key helper program and configure
    lightweight CA key replication on installation and upgrade.  The
    specific configuration steps are:
    
    - Add the 'dogtag/$HOSTNAME' service principal
    - Create the pricipal's Custodia keys
    - Retrieve the principal's keytab
    - Configure Dogtag's CS.cfg to use ExternalProcessKeyRetriever
      to invoke ipa-pki-retrieve-key for key retrieval
    
    Also bump the minimum version of Dogtag to 10.3.2.
    
    Part of: https://fedorahosted.org/freeipa/ticket/4559
    
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
file modified
+4 -3
file modified
+6 -0
file modified
+1 -0
file added
+32
file modified
+5 -0
file modified
+1 -0
file modified
+8 -1
file modified
+56 -0
file modified
+3 -3
file modified
+3 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.