authorSimo Sorce <ssorce@redhat.com>2011-06-08 17:21:23 -0400
committerSimo Sorce <ssorce@redhat.com>2011-08-26 08:24:50 -0400
commit195a65d5c2b2f2a318225a94e734ec41cdc34b1d (patch)
treed7caf2d0167f99c63cdd74063c1ff0f5f92700da /install
parent35e15f6c91be21715d33ae0f06b5629f63289e8f (diff)
ipa-kdb: Change install to use the new ipa-kdb kdc backend
Use ipakdb instead of kldap and change the install procedures accordingly. Note that we do not need to store the master key in a keytab, as we can read it from LDAP in our driver.
Diffstat (limited to 'install')
-rw-r--r--install/share/Makefile.am2
-rw-r--r--install/share/default-keytypes.ldif33
-rw-r--r--install/share/default-pwpolicy.ldif14
-rw-r--r--install/share/kdc.conf.template1
-rw-r--r--install/share/kerberos.ldif39
-rw-r--r--install/share/krb5.conf.template7
6 files changed, 40 insertions, 56 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index c6361099b..1ff2a4ea3 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -13,8 +13,6 @@ app_DATA = \
caJarSigningCert.cfg.template \
default-aci.ldif \
default-hbac.ldif \
- default-keytypes.ldif \
- default-pwpolicy.ldif \
delegation.ldif \
replica-acis.ldif \
ds-nfiles.ldif \
diff --git a/install/share/default-keytypes.ldif b/install/share/default-keytypes.ldif
deleted file mode 100644
index 8093b6989..000000000
--- a/install/share/default-keytypes.ldif
+++ /dev/null
@@ -1,33 +0,0 @@
-#kerberos keytypes
-dn: cn=$REALM,cn=kerberos,$SUFFIX
-changetype: modify
-add: krbSupportedEncSaltTypes
-krbSupportedEncSaltTypes: aes256-cts:normal
-krbSupportedEncSaltTypes: aes256-cts:special
-krbSupportedEncSaltTypes: aes128-cts:normal
-krbSupportedEncSaltTypes: aes128-cts:special
-krbSupportedEncSaltTypes: des3-hmac-sha1:normal
-krbSupportedEncSaltTypes: des3-hmac-sha1:special
-krbSupportedEncSaltTypes: arcfour-hmac:normal
-krbSupportedEncSaltTypes: arcfour-hmac:special
-krbSupportedEncSaltTypes: des-hmac-sha1:normal
-krbSupportedEncSaltTypes: des-cbc-md5:normal
-krbSupportedEncSaltTypes: des-cbc-crc:normal
-krbSupportedEncSaltTypes: des-cbc-crc:v4
-krbSupportedEncSaltTypes: des-cbc-crc:afs3
--
-add: krbMaxTicketLife
-krbMaxTicketLife: 86400
--
-add: krbMaxRenewableAge
-krbMaxRenewableAge: 604800
-
-#kerberos keytypes
-dn: cn=$REALM,cn=kerberos,$SUFFIX
-changetype: modify
-add: krbDefaultEncSaltTypes
-krbDefaultEncSaltTypes: aes256-cts:special
-krbDefaultEncSaltTypes: aes128-cts:special
-krbDefaultEncSaltTypes: des3-hmac-sha1:special
-krbDefaultEncSaltTypes: arcfour-hmac:special
-
diff --git a/install/share/default-pwpolicy.ldif b/install/share/default-pwpolicy.ldif
deleted file mode 100644
index 1bb4a096e..000000000
--- a/install/share/default-pwpolicy.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: nsContainer
-objectClass: krbPwdPolicy
-krbMinPwdLife: 3600
-krbPwdMinDiffChars: 0
-krbPwdMinLength: 8
-krbPwdHistoryLength: 0
-krbMaxPwdLife: 7776000
-krbPwdMaxFailure: 6
-krbPwdFailureCountInterval: 60
-krbPwdLockoutDuration: 600
-
diff --git a/install/share/kdc.conf.template b/install/share/kdc.conf.template
index 02f1dc111..0a51162da 100644
--- a/install/share/kdc.conf.template
+++ b/install/share/kdc.conf.template
@@ -6,7 +6,6 @@
[realms]
$REALM = {
master_key_type = aes256-cts
- supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
max_life = 7d
max_renewable_life = 14d
acl_file = /var/kerberos/krb5kdc/kadm5.acl
diff --git a/install/share/kerberos.ldif b/install/share/kerberos.ldif
index a4c603d8b..a40b63aa0 100644
--- a/install/share/kerberos.ldif
+++ b/install/share/kerberos.ldif
@@ -16,3 +16,42 @@ objectClass: top
cn: kerberos
aci: (targetattr="*")(version 3.0; acl "KDC System Account"; allow (all) userdn= "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
+#Realm base object
+dn: cn=$REALM,cn=kerberos,$SUFFIX
+changetype: add
+cn: $REALM
+objectClass: top
+objectClass: krbrealmcontainer
+objectClass: krbticketpolicyaux
+krbSubTrees: $SUFFIX
+krbSearchScope: 2
+krbSupportedEncSaltTypes: aes256-cts:normal
+krbSupportedEncSaltTypes: aes256-cts:special
+krbSupportedEncSaltTypes: aes128-cts:normal
+krbSupportedEncSaltTypes: aes128-cts:special
+krbSupportedEncSaltTypes: des3-hmac-sha1:normal
+krbSupportedEncSaltTypes: des3-hmac-sha1:special
+krbSupportedEncSaltTypes: arcfour-hmac:normal
+krbSupportedEncSaltTypes: arcfour-hmac:special
+krbMaxTicketLife: 86400
+krbMaxRenewableAge: 604800
+krbDefaultEncSaltTypes: aes256-cts:special
+krbDefaultEncSaltTypes: aes128-cts:special
+krbDefaultEncSaltTypes: des3-hmac-sha1:special
+krbDefaultEncSaltTypes: arcfour-hmac:special
+
+# Default password Policy
+dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: nsContainer
+objectClass: krbPwdPolicy
+krbMinPwdLife: 3600
+krbPwdMinDiffChars: 0
+krbPwdMinLength: 8
+krbPwdHistoryLength: 0
+krbMaxPwdLife: 7776000
+krbPwdMaxFailure: 6
+krbPwdFailureCountInterval: 60
+krbPwdLockoutDuration: 600
+
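Review bot: The new realm entry still lists `arcfour-hmac:special` and `des3-hmac-sha1:special` under `krbDefaultEncSaltTypes`, so every newly created principal presumably gets keys of those weaker types alongside the AES ones. Because the kdc.conf.template hunk drops `supported_enctypes`, these LDAP attributes look like the only place the enctype policy is now defined, which makes the choice worth stating explicitly. The single-DES salt types from the deleted default-keytypes.ldif are silently omitted here, which is an improvement, but neither the commit message nor the file says so. I would either restrict the defaults to the two `aes*-cts:special` values and keep the older types only under `krbSupportedEncSaltTypes`, or add a comment above the attribute block such as `# arcfour-hmac and des3-hmac-sha1 kept for interoperability with older clients; single-DES intentionally not offered`.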
diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template
index 46e26a4ba..d5e5af595 100644
--- a/install/share/krb5.conf.template
+++ b/install/share/krb5.conf.template
@@ -31,11 +31,6 @@
[dbmodules]
$REALM = {
- db_library = kldap
- ldap_servers = ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket
- ldap_kerberos_container_dn = cn=kerberos,$SUFFIX
- ldap_kdc_dn = uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX
- ldap_kadmind_dn = uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX
- ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd
+ db_library = ipadb.so
}
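Review bot: With the `ldap_*` keys removed, the `[dbmodules]` stanza no longer shows how the KDC reaches and authenticates to the directory, and nothing in this diff retires the credentials the old kldap setup relied on. If the ipadb driver no longer binds as `uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX` (not visible here), then the `allow (all)` ACI kept as context in kerberos.ldif and the `/var/kerberos/krb5kdc/ldappwd` file on existing installs become unused standing privileges that should be removed in the install and upgrade path. I would also add a short comment above `db_library = ipadb.so` stating which socket and bind method the driver uses, so that the access path to the master key stored in LDAP can be audited from the template.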