Commit message [Author, Age, Files, Lines]
* Remove Requires on separate package python-krbV in client [Rob Crittenden, 2010-06-02, files: 2, lines: -4/+10]
| We need the configured kerberos realm so we can clean up /etc/krb5.keytab. We have this already in /etc/ipa/default.conf so use that instead of requiring a whole other python package to do it.
* Catch the condition where dogtag is already configured (no preop.pin) [Rob Crittenden, 2010-06-01, files: 1, lines: -0/+3]
| This causes the installation to blow up badly otherwise.
| To remove an existing instance run:
| # pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca
* Fall back to DM password if GSSAPI fails and make deleting more user-friendly [Rob Crittenden, 2010-06-01, files: 1, lines: -8/+38]
| Try to be a bit more descriptive about why a deletion fails and generate a prettier error message.
* Query the remote server to see if this replica host already exists. [Rob Crittenden, 2010-06-01, files: 1, lines: -13/+23]
| If it does then the installation will fail trying to set up the keytabs, and not in a way that you say "aha, it's because the host is already enrolled."
* Add LDAP upgrade over ldapi support. [Rob Crittenden, 2010-06-01, files: 5, lines: -33/+192]
| This disables all but the ldapi listener in DS so it will be quiet when we perform our upgrades. It is expected that any other clients that also use ldapi will be shut down by other already (krb5 and dns).
| Add ldapi as an option in ipaldap and add the beginning of pure offline support (e.g. direct editing of LDIF files).
* gpg2 requires --batch to use the --passphrase* arguments. [Rob Crittenden, 2010-05-27, files: 1, lines: -2/+2]
| This was causing replica creation and installation to fail.
| 596446
* Include missing update file 30-hbacsvc.update [Rob Crittenden, 2010-05-27, files: 1, lines: -0/+35]
|
* Add ipaUniqueID to HBAC services and service groups [Rob Crittenden, 2010-05-27, files: 7, lines: -35/+10]
| Also fix the memberOf attribute for the HBAC services
* Re-number some attributes to compress our usage to be contiguous [Rob Crittenden, 2010-05-27, files: 8, lines: -50/+69]
| No longer install the policy or key escrow schemas and remove their OIDs for now.
| 594149
* Add 'all' serviceCategory to default HBAC group and add some default services [Rob Crittenden, 2010-05-27, files: 1, lines: -0/+31]
|
* Move the dogtag SELinux rules loading into the spec file [Rob Crittenden, 2010-05-27, files: 3, lines: -27/+8]
| I couldn't put the dogtag rules into the spec file until we required dogtag as a component. If it wasn't pre-loaded then the rules loading would fail because types would be missing.
* Include -clone_uri argument to pkisilent setting the clone URI. [Rob Crittenden, 2010-05-27, files: 1, lines: -0/+2]
| This makes creating a clone from a clone work as expected.
* Remove local get_dn() from hbacsvcgroup and add tests for hbacsvcgroup [Rob Crittenden, 2010-05-20, files: 3, lines: -18/+265]
|
* Try to clear up that uid is a number, not the login name [Rob Crittenden, 2010-05-17, files: 1, lines: -1/+1]
|
* Enforce that max password lifetime is greater than the min lifetime [Rob Crittenden, 2010-05-17, files: 1, lines: -3/+28]
| 461325
* Use new service schema for HBAC tests [Rob Crittenden, 2010-05-17, files: 1, lines: -3/+35]
|
* Replace old pwpolicy plugin with new one using baseldap, fix tests. [Rob Crittenden, 2010-05-17, files: 5, lines: -919/+254]
| Fix deletion of policy when a group is removed.
* Add groups of services to HBAC [Rob Crittenden, 2010-05-17, files: 6, lines: -11/+323]
| Replace serviceName with memberService so we can assign individual services or groups of services to an HBAC rule.
| 588574
* Remove left-over debugging statement [Rob Crittenden, 2010-05-14, files: 1, lines: -2/+0]
|
* Correctly handle EmptyModlist exception in pwpolicy2-mod. [Pavel Zuna, 2010-05-14, files: 1, lines: -7/+15]
| EmptyModlist exception was generated by pwpolicy2-mod when modifying policy priority only. It was because the priority attribute is stored outside of the policy entry (in a CoS entry) and there was nothing left to be changed in the policy entry.
| This patch uses the new exception callbacks in baseldap.py classes to catch the EmptyModlist exception and checks if there was really nothing to be modified before reraising the exception.
* Add exception callback (exc_callback) to baseldap.py classes. [Pavel Zuna, 2010-05-14, files: 1, lines: -33/+150]
| It enables plugin authors to supply their own handlers for ExecutionError exceptions generated by calls to ldap2 made from the execute method of baseldap.py classes that extend CallbackInterface.
* Update Kannada translations [John Dennis, 2010-05-11, files: 1, lines: -80/+904]
|
* Become IPA v2 alpha 3 (1.9.0.pre3) [ref alpha_3-1-9-0] [Rob Crittenden, 2010-05-07, files: 1, lines: -1/+1]
|
* Check to see if we are configured before uninstalling. [Rob Crittenden, 2010-05-07, files: 1, lines: -1/+5]
| Allow the --force flag to override on both install and uninstall
* Add simple test to see if client is already configured [Rob Crittenden, 2010-05-06, files: 2, lines: -0/+12]
| If this ever gets out of sync the user can always remove /var/lib/ipa-client/sysrestore/*, they just need to understand the implications.
| One potential problem is with certmonger. If you install the client and then re-install without uninstalling then the subsequent certificate request by certmonger will fail because it will already be tracking a certificate in /etc/pki/nssdb of the same nickname and subject (the old cert).
* Make calling service and chkconfig tolerant of the service not installed [Rob Crittenden, 2010-05-06, files: 1, lines: -9/+59]
| For example, if nscd is not installed this would throw lots of errors about not being able to disable it, stop it, etc.
* Call certmonger after krb5, avoid uninstall errors, better password handling. [Rob Crittenden, 2010-05-06, files: 2, lines: -23/+52]
| - Move the ipa-getcert request to after we set up /etc/krb5.conf
| - Don't try removing certificates that don't exist
| - Don't tell certmonger to stop tracking a cert that doesn't exist
| - Allow --password/-w to be the kerberos password
| - Print an error if prompting for a password would happen in unattended mode
| - Still support echoing a password in when in unattended mode
* Initialize XML-RPC structures to fix issues uncovered by MALLOC_PERTURB_ [Rob Crittenden, 2010-05-06, files: 1, lines: -13/+11]
| Also re-arrange some code around reading the configuration file. In trying to eliminate bogus error messages I prevented the file from being read at all. It isn't a problem when joining with ipa-client (which uses -s) but it wouldn't work if you don't pass in a server name.
* named.conf: Add trailing dot to the fake_mname [Martin Nagy, 2010-05-06, files: 1, lines: -1/+1]
| Yet another trailing dot issue, but this one was kept hidden because only the latest bind-dyndb-ldap package uses the fake_mname option.
* Add new password policy plugin based on baseldap.py classes. [root, 2010-05-05, files: 2, lines: -0/+522]
|
* Increase the attributes we display by default and fix up some labels. [Rob Crittenden, 2010-05-05, files: 1, lines: -2/+8]
|
* Create default HBAC rule allowing any user to access any host from any host [Rob Crittenden, 2010-05-05, files: 5, lines: -4/+32]
| This is to make initial installation and testing easier. Use the --no_hbac_allow option on the command-line to disable this when doing an install.
| To remove it from a running server do:
| ipa hbac-del allow_all
* Add weekly periodic schedule to AccessTime param type. [root, 2010-05-04, files: 2, lines: -3/+4]
| Fix bug #588414
* Handle CSRs whether they have NEW in the header or not [Rob Crittenden, 2010-05-03, files: 4, lines: -23/+10]
| Also consolidate some duplicate code
* Add test cases for AccessTime param and fix some problems in AccessTime [Rob Crittenden, 2010-05-03, files: 2, lines: -4/+50]
|
* Make the installer/uninstaller more aware of its state [Rob Crittenden, 2010-05-03, files: 10, lines: -15/+65]
| We have had a state file for quite some time that is used to return the system to its pre-install state. We can use that to determine what has been configured.
| This patch:
| - uses the state file to determine if dogtag was installed
| - prevents someone from trying to re-install an installed server
| - displays some output when uninstalling
| - re-arranges the ipa_kpasswd installation so the state is properly saved
| - removes pkiuser if it was added by the installer
| - fetches and installs the CA on both masters and clients
* Set SO_REUSEADDR when determining socket availability [Rob Crittenden, 2010-05-03, files: 1, lines: -0/+2]
| The old perl DS code for detection didn't set this so was often confused about port availability. We had to match their behavior so the installation didn't blow up. They fixed this a while ago, this catches us up.
* Fix output of summary and embedded dictionaries [Rob Crittenden, 2010-05-03, files: 1, lines: -3/+3]
| Summaries were appearing as "Gettext(...")
| Embedded dictionaries, such as group membership failures, didn't have labels so were basically just being dumped.
* client installation fixes: nscd, sssd min version, bogus join error [Rob Crittenden, 2010-05-03, files: 3, lines: -13/+28]
| - Don't run nscd if using sssd, the caching of nscd conflicts with sssd
| - Set the minimum version of sssd to 1.1.1 to pick up needed hbac fixes
| - only try to read the file configuration if the server isn't passed in
* Reorder some things in the client installer [Rob Crittenden, 2010-05-03, files: 1, lines: -16/+27]
| - Fetch the CA cert before running certmonger
| - Delete entries from the keytab before removing /etc/krb5.conf
| - Add and remove the IPA CA to /etc/pki/nssdb
* Remove some duplicated schema [Rob Crittenden, 2010-04-30, files: 1, lines: -9/+0]
| Newer versions of 389-ds provide this certificate schema so no need to provide it ourselves.
* Fix a couple of syntax errors in the installer. [Rob Crittenden, 2010-04-27, files: 1, lines: -2/+5]
| I meant to push these along with the original patch but pushed the wrong one.
* Add file with example plugins/tutorial. [Pavel Zuna, 2010-04-27, files: 1, lines: -0/+437]
| Note that this is still work in progress and will be finished in another patch. Specifically, it currently doesn't cover baseldap.py classes.
* Replace a new instance of IPAdmin use in ipa-server-install. [Pavel Zuna, 2010-04-27, files: 2, lines: -16/+19]
|
* Some more changes for DNS forwarders prompt [Martin Nagy, 2010-04-23, files: 1, lines: -3/+3]
|
* Add forgotten trailing dots in DNS records [Martin Nagy, 2010-04-23, files: 2, lines: -4/+11]
| 583023
* Connect to the ldap during the uninstallation [Martin Nagy, 2010-04-23, files: 1, lines: -8/+28]
| We need to ask the user for a password and connect to the ldap so the bind uninstallation procedure can remove old records. This is of course only helpful if one has more than one IPA server configured.
* Delete old SRV records during uninstallation [Martin Nagy, 2010-04-23, files: 1, lines: -11/+68]
|
* Accept unicode for sysrestore [Martin Nagy, 2010-04-23, files: 1, lines: -2/+2]
|
* Don't require kerberos principal with the LDAP password change operation. [Rob Crittenden, 2010-04-23, files: 1, lines: -26/+42]
| This was preventing ldappasswd from resetting a password.
| 471287