| Commit message | Author | Age | Files | Lines |
| |
ticket 1359
| |
ticket 1358
| |
Otherwise it is possible for sssd to pick a different master to
communicate with via the DNS SRV records and if the remote master
goes down the local one will have problems as well.
ticket https://fedorahosted.org/freeipa/ticket/1187
| |
Client installation with --no-sssd option was broken if the client
was based on a nss-pam-ldap instead of nss_ldap. The main issue is
with authconfig rewriting the nslcd.conf after it has been
configured by ipa-client-install.
This has been fixed by changing the order of installation steps.
Additionally, nslcd daemon needed for nss-pam-ldap function is
correctly started.
https://fedorahosted.org/freeipa/ticket/1235
| |
Even with --no-sssd authconfig was setting nsswitch.conf to use sssd
for users, groups, shadow and netgroups. We need to pass in the
--enableforcelegacy option when configuring nss_ldap.
Also always back up and restore sssd.conf. It still gets configured for
kerberos.
ticket 1142
| |
When ipa-client-install autodiscovers IPA server values it
doesn't fill the fixed KDC address to Kerberos configuration
file. However, when realm != domain or the autodiscovered values
are overridden, installation may fail because it cannot find the
KDC.
This patch adds a failover to use static KDC address in case when
such an issue occurs.
https://fedorahosted.org/freeipa/ticket/1100
| |
Remove redundant ipa-client-install error message when optional nscd
daemon was not installed. Additionally, use standard IPA functions
for service manipulation and improve logging.
https://fedorahosted.org/freeipa/ticket/1207
| |
IPA tools options are not consistent with information in man
pages.
https://fedorahosted.org/freeipa/ticket/1163
https://fedorahosted.org/freeipa/ticket/1178
| |
tickets 1166, 1167, 1168, 1169
| |
This option does not behave properly in F15 as chkconfig does not list services
moved to use systemd service files.
Plus there are more direct ways than parsing its output, which are more
reliable.
Also just testing for the availability of the service calling 'chkconfig name'
is enough.
https://fedorahosted.org/freeipa/ticket/1206
| |
ipa-rmkeytab returns success even when the realm passed to the
program is not found in a keytab. This patch adds an explanatory
error message and returns error code 5 - Principal or realm not
found.
https://fedorahosted.org/freeipa/ticket/694
| |
When IPA server is being uninstalled, IPA client on-master
uninstallation which is called by the script fails.
https://fedorahosted.org/freeipa/ticket/1197
| |
The --force option may be misused to reinstall an existing IPA
client. This is not supported and may lead to unexpected errors.
When required, the cleanest way to re-install IPA client is to
run uninstall and then install again.
This patch also includes a few cosmetic changes in messages to user
to provide more consistent user experience with the script.
https://fedorahosted.org/freeipa/ticket/1117
| |
This patch prevents uninstalling IPA client when it is configured
as a part of IPA server. ipa-server-installation script is advised
for this situation.
https://fedorahosted.org/freeipa/ticket/1049
| |
This patch adds logging of temporary files (Kerberos configuration,
nsupdate commands) that may be very useful for debugging purposes.
https://fedorahosted.org/freeipa/ticket/1093
https://fedorahosted.org/freeipa/ticket/1094
| |
This option is only used when configuring an IPA client on an IPA server.
Describing it on the command-line will only confuse people so don't
list it as an option.
Ticket 1050
| |
ticket 1135
| |
ticket 1080
| |
When not on master we weren't passing in the user-supplied domain and
server. Because of changes made that require TLS on the LDAP calls
we always need the server name early in the process to retrieve the IPA
CA certificate.
ticket 1090
| |
If a hostname was provided it wasn't used to configure either
certmonger or sssd. This resulted in a non-working configuration.
Additionally on un-enrollment the wrong hostname was unenrolled, it
used the value of gethostname() rather than the one that was passed
into the installer.
We have to modify the CA configuration of certmonger to make it
use the right principal when requesting certificates. The filename
is unpredictable but it will be in /var/lib/certmonger/cas.
We need to hunt for ipa_submit and add -k <principal> to it, then
undo that on uninstall. These files are created the first time
the certmonger service starts, so start and stop it before messing
with them.
ticket 1029
| |
stop_tracking() is robust enough to do the right thing if no certificate
exists so go ahead and always call it. If the certificate failed to
be issued for some reason the request will still be in certmonger
after uninstalling. This would cause problems when trying to reinstall
the client. This will go ahead and always tell certmonger to stop
tracking it.
ticket 1028
| |
ticket 969
| |
ticket 925
| |
https://fedorahosted.org/freeipa/ticket/974
| |
https://fedorahosted.org/freeipa/ticket/991
| |
https://fedorahosted.org/freeipa/ticket/784
https://fedorahosted.org/freeipa/ticket/786
https://fedorahosted.org/freeipa/ticket/787
| |
Fixes: https://fedorahosted.org/freeipa/ticket/935
| |
Add the server we registered with as a fallback.
ticket 980
| |
Apparently we forgot to check OID consistency between the schema and the
extensions, and we got duplicates.
Technically the schema was done later but it is easier to change the extensions
OIDs than to change the schema of current beta2/rc1 installations.
The only side effect is that older ipa-getkeytab and ipa-join binaries will
fail. So all the admin/client tools must be upgraded at the same time as well
as all the masters (otherwise some will show/accept the new OID while others
won't).
Fixes: https://fedorahosted.org/freeipa/ticket/976
| |
https://fedorahosted.org/freeipa/ticket/782
| |
https://fedorahosted.org/freeipa/ticket/959
| |
When v2 IPA client is trying to join an IPA v1 server
a strange exception is printed out to the user. This patch
detects this by catching an XML-RPC error reported by ipa-join
binary called in the process which fails on unexisting IPA server
'join' method.
https://fedorahosted.org/freeipa/ticket/553
| |
Add pointer to self to /etc/hosts to avoid chicken/egg problems when
restarting DNS.
On servers set both dns_lookup_realm and dns_lookup_kdc to false so we don't
attempt to do any resolving. Leave it to true on clients.
Set rdns to false on both server and client.
https://fedorahosted.org/freeipa/ticket/931
| |
https://fedorahosted.org/freeipa/ticket/957
| |
If not then sssd spits out a warning message:
sssd: nscd socket was detected. As nscd caching capabilities may conflict
with SSSD, it is recommended to not run nscd in parallel with SSSD
Stop nscd before configuring sssd so we don't confuse our users.
ticket 743
| |
ticket 940
| |
https://fedorahosted.org/freeipa/ticket/723
| |
Ticket 834
| |
We should still give some feedback when things go wrong when in
non-interactive mode.
ticket 828
| |
Fixes: https://fedorahosted.org/freeipa/ticket/783
| |
Mozldap code removed from all sources and configure source script.
Now, IPA will compile even when package mozldap-devel is not
installed on the system.
https://fedorahosted.org/freeipa/ticket/756
| |
This patch fixes a possible situation when krb5_kt_close()
function is called with uninitialized keytab parameter.
https://fedorahosted.org/freeipa/ticket/712
| |
This patch fixes 2 situations where a pointer to allocated error
string could be overwritten - which could have resulted in
a memory leak.
https://fedorahosted.org/freeipa/ticket/714
| |
krb5_get_default_realm() and asprintf() return values were ignored.
This could lead to unhandled error issues or memory access
issues.
This patch adds return value checks to all such functions.
As a consequence, one new return value has been added to man page.
https://fedorahosted.org/freeipa/ticket/720
| |
krb5_init_context return value was not checked. This could lead
to unhandled error issues.
This patch moves the Kerberos context initialization to the
branch where it is needed and handles the error value in a way
that allows program exit in a standard way deallocating all
resources.
https://fedorahosted.org/freeipa/ticket/721
| |
Fix "--realm" parameter processing in ipa-rmkeytab. Also make sure
that memory allocated in this process is also freed.
https://fedorahosted.org/freeipa/ticket/711
| |
In some cases recently freed memory was used/freed again. This
patch introduces more consistency between functions
join_ldap/join_krb5 when dealing with affected variables.
https://fedorahosted.org/freeipa/ticket/709
| |
Resolving the keytab isn't enough, this just creates a name. Try to
create a cursor into the keytab to see if it is a valid keytab.
ticket 654