We need nuxwdog or an equivalent solution for CS 9 This should be an optional config, so that IPA does not need to use it.
Proposed milestone: 10.2.2
Per CS/DS meeting of 12/15/2014: Milestone 10.2.2
Per 10.2.2 Triage meeting of 02/24/2015: 10.2.3
Most of this is done. with the remainder to be moved to 10.2.4
Specifically,
1) it is possible to run with nuxwdog directly as follows:
nuxwdog -f /etc/pki/<instance>/nuxwdog.conf
2) The conf file can be obtained by generating it using /usr/sbin/pki-server-nuxwdog <instance> 3) Some addtional changes are also needed:
- In server.xml, you need to specify (for the https connector): passwordFile="/var/lib/pki/pki-tomcat26/ca/conf/CS.cfg" passwordClass="com.netscape.cms.tomcat.NuxwdogPasswordStore" - For old instances, a listener will also need to be added at the Server level: <Listener className="com.netscape.cms.tomcat.NuxwdogPasswordStoreInitializer"/> - right now, this will work only when security_manager is off (set this in /etc/sysconfig/$instance) - also set selinux permissive - also make sure you have latest tomcatjss (needs to be built) and latest nuxwdog (also to be built)
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1214825
This is now done. The only remaining issue is that instances started with nuxwdog now run as root. We can address this in a separate ticket.
Metadata Update from @vakwetu: - Issue assigned to vakwetu - Issue set to the milestone: 10.2.4
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1792
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.