summaryrefslogtreecommitdiffstats
path: root/ipa-client
Commit message (Collapse)AuthorAgeFilesLines
* Check to see if we are configured before uninstalling.Rob Crittenden2010-05-071-1/+5
| | | | Allow the --force flag to override on both install and uninstall
* Add simple test to see if client is already configuredRob Crittenden2010-05-061-0/+4
| | | | | | | | | | | | If this ever gets out of sync the user can always remove /var/lib/ipa-client/sysrestore/*, they just need to understand the implications. One potential problem is with certmonger. If you install the client and then re-install without uninstalling then the subsequent certificate request by certmonger will fail because it will already be tracking a certificate in /etc/pki/nssdb of the same nickname and subject (the old cert).
* Make calling service and chkconfig tolerant of the service not installedRob Crittenden2010-05-061-9/+59
| | | | | For example, if nscd is not installed this would throw lots of errors about not being able to disable it, stop it, etc.
* Call certmonger after krb5, avoid uninstall errors, better password handling.Rob Crittenden2010-05-062-23/+52
| | | | | | | | | - Move the ipa-getcert request to after we set up /etc/krb5.conf - Don't try removing certificates that don't exist - Don't tell certmonger to stop tracking a cert that doesn't exist - Allow --password/-w to be the kerberos password - Print an error if prompting for a password would happen in unattended mode - Still support echoing a password in when in unattended mode
* Initialize XML-RPC structures to fix issues uncovered by MALLOC_PERTURB_Rob Crittenden2010-05-061-13/+11
| | | | | | | Also re-arrange some code around reading the configuration file. In trying to eliminate bogus error messages I prevented the file from being read at all. It isn't a problem when joining with ipa-client (which uses -s) but it wouldn't work if you don't pass in a server name.
* Make the installer/uninstaller more aware of its stateRob Crittenden2010-05-031-4/+3
| | | | | | | | | | | | | | We have had a state file for quite some time that is used to return the system to its pre-install state. We can use that to determine what has been configured. This patch: - uses the state file to determine if dogtag was installed - prevents someone from trying to re-install an installed server - displays some output when uninstalling - re-arranges the ipa_kpasswd installation so the state is properly saved - removes pkiuser if it was added by the installer - fetches and installs the CA on both masters and clients
* client installation fixes: nscd, sssd min version, bogus join errorRob Crittenden2010-05-032-11/+23
| | | | | | - Don't run nscd if using sssd, the caching of nscd conflicts with sssd - Set the minimum version of sssd to 1.1.1 to pick up needed hbac fixes - only try to read the file configuration if the server isn't passed in
* Reorder some things in the client installerRob Crittenden2010-05-031-16/+27
| | | | | | - Fetch the CA cert before running certmonger - Delete entries from the keytab before removing /etc/krb5.conf - Add and remove the IPA CA to /etc/pki/nssdb
* Use the certificate subject base in IPA when requesting certs in certmonger.Rob Crittenden2010-04-232-8/+98
| | | | | | | | | | | | | | | | | When using the dogtag CA we can control what the subject of an issued certificate is regardless of what is in the CSR, we just use the CN value. The selfsign CA does not have this capability. The subject format must match the configured format or certificate requests are rejected. The default format is CN=%s,O=IPA. certmonger by default issues requests with just CN so all requests would fail if using the selfsign CA. This subject base is stored in cn=ipaconfig so we can just fetch that value in the enrollment process and pass it to certmonger to request the right thing. Note that this also fixes ipa-join to work with the new argument passing mechanism.
* Add option to enable pam_mkhomedirs in the IPA client installerrcrit2010-03-192-5/+15
|
* Add the popt auto-help/usage macro for enhanced help output.Rob Crittenden2010-03-023-3/+6
|
* Update available options and descriptions in client man pagesRob Crittenden2010-03-023-14/+50
|
* Fix command-line options convention in ipa-getkeytab man pageRob Crittenden2010-02-191-1/+1
| | | | Resolves #481230
* Fix a crash and memory leak in get_config_entry()Martin Nagy2010-02-161-1/+2
|
* Make sure the incoming data ins't NULL before strduping itRob Crittenden2010-02-101-1/+6
|
* Configure sssd and certmonger in ipa-client-installRob Crittenden2010-02-031-8/+94
| | | | | | | | | | | This does a number of things under the hood: - Use authconfig to enable sssd in nss and pam - Configure /etc/sssd/sssd.conf to use our IPA provider - Enable the certmonger process and request a server cert - join the IPA domain and retrieve a principal. The clinet machine *must* exist in IPA to be able to do a join. - And then undo all this on uninstall
* Remove some configuration files we create upon un-installationRob Crittenden2010-01-281-0/+6
| | | | | This is particularly important for Apache since we'd leave the web server handling unconfigured locations.
* Require that the hostname we are joining as is fully-qualifiedRob Crittenden2010-01-261-0/+6
|
* Remove duplicated codeRob Crittenden2010-01-261-6/+0
| | | | This strange bit of duplication was not surprisingly causing a double-free
* Stop looking when removing entries from a keytab.Rob Crittenden2010-01-201-0/+5
| | | | keytab entries are locked when looping. Temporarily suspend the looping.
* Need to supsend looping through the keytab entries when doing a delete.Rob Crittenden2009-12-181-0/+5
|
* Pass on debug option from ipa-client-install to ipa-joinRob Crittenden2009-12-091-0/+2
|
* A utility for removing principals from a keytab.Rob Crittenden2009-12-044-0/+319
| | | | | | | | | | | | When we un-enroll a client we'll do a bit of cleanup including removing any principals for the IPA realm from /etc/krb5.keytab. This removes principals in 2 ways: - By principal, only entries matching the full principal are removed - By realm. Any principal for that realm is removed This does not change the KDC at all, just removes entries from a file on the client machine.
* Better LDAP error handling in ipa-client-installRob Crittenden2009-12-011-9/+5
|
* Add server option to ipa-join so the IPA server can be specified.Rob Crittenden2009-11-302-5/+9
| | | | | | | This is needed because in the client installer we actually perform the join before creating the configuration files that join uses. All we need is the IPA server to join to and we have that from the CLI options so use that.
* Integrate ipa-join and ipa-rmkeytab into the client install/uninstallRob Crittenden2009-11-251-110/+209
| | | | This will fetch a keytab on installation and remove it upon uninstallation.
* Clean up some return valuesRob Crittenden2009-11-191-12/+20
| | | | | | | Because ipa-join calls ipa-getkeytab I'd like to keep the return values in sync. ipa-join returns the value returned by ipa-getkeytab so in order to tell what failed the return values need to mean the same things and not overlap.
* Add man page for ipa-join commandRob Crittenden2009-10-122-1/+62
|
* Improve debugging, general output, initialize xmlrpc-c properlyRob Crittenden2009-10-121-9/+34
|
* Enrollment for a host in an IPA domainRob Crittenden2009-09-246-10/+889
| | | | | | | | | | | | This will create a host service principal and may create a host entry (for admins). A keytab will be generated, by default in /etc/krb5.keytab If no kerberos credentails are available then enrollment over LDAPS is used if a password is provided. This change requires that openldap be used as our C LDAP client. It is much easier to do SSL using openldap than mozldap (no certdb required). Otherwise we'd have to write a slew of extra code to create a temporary cert database, import the CA cert, ...
* Clean up additional issues discovered with pylint and pycheckerRob Crittenden2009-08-201-4/+4
|
* Fix configure with newer auto* and libtool on Fedora-11rcrit2009-07-011-0/+2
|
* The new admin tool 'ipa' uses a different configuration file, create it.Rob Crittenden2009-04-131-7/+8
|
* Use OpenSSL for SSL instead of the built-in python version.Rob Crittenden2009-02-201-0/+3
|
* Rename ipa-python directory to ipapython so it is a real python libraryRob Crittenden2009-02-093-48/+48
| | | | | We used to install it as ipa, now installing it as ipapython. The rpm is still ipa-python.
* Minor cleanup of configure.acRob Crittenden2009-02-051-1/+0
|
* Consolidate to a single autogen.sh and remove a redundant make targetRob Crittenden2009-02-041-196/+0
| | | | Also cheat a little and don't force auto* to require files to exist
* Fix segfault in ipa-getkeytabRob Crittenden2008-09-241-1/+1
| | | | 463548
* We were assuming that, if the realm was correct then also theSimo Sorce2008-09-181-9/+6
| | | | | | | | | | | rest of the krb5.conf configuration were. This clearly breaks with the default EXAMPLE.COM realm configuratrion. Furthermore it makes it not possible to try to 'fix' an installation by rerruninng ipa-client-install This patch removes the special case and avoids krb5.conf only if the on_master flag is passed. Fix also one inner 'if' statement to be simpler to understand.
* Add 2 features to ipa-getkeytab:Simo Sorce2008-08-211-195/+443
| | | | | 1. Allow to specify the salt type along with the enctype 2. Allow to specify a password instead of forcing a random secret
* Delete old mercurial files.Martin Nagy2008-08-151-32/+0
|
* Fix versioning for configure.ac and ipa-python/setup.pySimo Sorce2008-08-114-3/+6
| | | | | | | | | | Fix make maintainer-clean Also make RPM naming consistent by using a temp RELEASE file. This one helps when testing builds using rpms. Just 'echo X > RELEASE' to build a new rpms (X, X+1, X+2 ...) Version 1.1.0 was released some times ago, bump up to 1.1.1
* Wrap up the raw_input() to user_input() for convenience and uniformity.Martin Nagy2008-07-231-17/+6
|
* Fix some small issues that caused compiler warnings, like uninitialized or ↵Martin Nagy2008-06-301-7/+4
| | | | unused variables or missing krb5 prototypes.
* Fix uninizialized counter, was causing allocation to fail and command toSimo Sorce2008-06-121-0/+1
| | | | return in case any encryption type was explicitly requested
* Fix some minor man page issues.Rob Crittenden2008-06-041-8/+7
| | | | 438771
* Fix some formatting issues and correct the example.Rob Crittenden2008-06-041-28/+32
| | | | 443009
* Fix typo and reorder -q|--quiet so it displays nicer. popt isn't putting it ↵Rob Crittenden2008-06-041-2/+2
| | | | | | on a separate line so moving it up front makes it easier to find. 443014
* Move version.py to the common ipa directory instead of being server-based so ↵Rob Crittenden2008-06-031-16/+28
| | | | | | it can be used by the client tool. Fix the client tool imports to fail more gracefully.
* Try to clear up messages prompting for domain and IPA server when DNS ↵Rob Crittenden2008-05-301-4/+4
| | | | discovery fails to find them.
generated by cgit (git 2.34.1) at 2024-05-04 18:52:07 +0000