path: root/ipa-client
Commit message | Author | Age | Files | Lines
* No longer generate a machine certificate on client installs | Rob Crittenden | 2014-09-05 | 1 | -66/+2
  https://fedorahosted.org/freeipa/ticket/4449
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Allow user to force Kerberos realm during installation. | David Kupka | 2014-09-05 | 2 | -21/+33
  User can set realm not matching one resolved from DNS. This is useful especially when DNS is misconfigured.
  https://fedorahosted.org/freeipa/ticket/4444
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use certmonger D-Bus API instead of messing with its files. | David Kupka | 2014-09-05 | 1 | -5/+4
  FreeIPA certmonger module changed to use D-Bus to communicate with certmonger. Using the D-Bus API should be a more stable and supported way of using certmonger than tampering with its files.
  >=certmonger-0.75.13 is needed for this to work.
  https://fedorahosted.org/freeipa/ticket/4280
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-client-install: Do not add already configured sources to nsswitch.conf entries | Tomas Babej | 2014-09-04 | 1 | -12/+18
  Makes sure that any new sources added are not already present in the entry.
  https://fedorahosted.org/freeipa/ticket/4508
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add client certificate update tool ipa-certupdate. | Jan Cholasta | 2014-07-30 | 6 | -0/+236
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get CA certs for system-wide store from cert store in ipa-client-install. | Jan Cholasta | 2014-07-30 | 1 | -6/+8
  All of the certificates and associated key policy are now stored in /etc/pki/ca-trust/source/ipa.p11-kit.
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get CA certs for /etc/pki/nssdb from certificate store in ipa-client-install. | Jan Cholasta | 2014-07-30 | 1 | -43/+120
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get CA certs for /etc/ipa/ca.crt from certificate store in ipa-client-install. | Jan Cholasta | 2014-07-30 | 1 | -26/+10
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Support multiple CA certificates in /etc/ipa/ca.crt in ipa-client-install. | Jan Cholasta | 2014-07-30 | 1 | -45/+51
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Refactor CA certificate fetching code in ipa-client-install. | Jan Cholasta | 2014-07-30 | 1 | -51/+37
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Remove certificate "External CA cert" from /etc/pki/nssdb on client uninstall. | Jan Cholasta | 2014-07-30 | 1 | -3/+7
  This is a no longer used nickname for CA certificate on CA-less server installs.
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Do not crash client basedn discovery when SSF not met | Martin Kosek | 2014-07-29 | 1 | -4/+4
  ipa-client-install runs anonymous search in non-rootdse space which may raise UNWILLING_TO_PERFORM error. This case was only covered for BIND, but not for the actual LDAP queries.
  https://fedorahosted.org/freeipa/ticket/4459
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix ipa-getkeytab for pre-4.0 servers | Nathaniel McCallum | 2014-07-25 | 1 | -17/+21
  Also, make the error messages for this fallback case less scary and clean up some indentation issues in the nearby code which made this code difficult to read.
  https://fedorahosted.org/freeipa/ticket/4446
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix warning: Using uninitialized value ld. | Lukas Slebodnik | 2014-07-14 | 1 | -1/+1
  If create_getkeytab_control fails, the uninitialized pointer variable 'ld' will be used.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix ipa-client-install --uninstall crash | David Kupka | 2014-07-08 | 1 | -1/+4
  Fix ipa-client-install crash when chronyd service fails to start.
  https://fedorahosted.org/freeipa/ticket/4273
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa-client-install: Restart nisdomain service instead of starting | Tomas Babej | 2014-06-30 | 1 | -1/+3
  To ensure new NIS domain name is loaded after ipa-client-install even in case when nisdomainname service is already running, we need to restart the service rather than starting it.
  https://fedorahosted.org/freeipa/ticket/4393
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix getkeytab code to always use implicit tagging. | Simo Sorce | 2014-06-27 | 1 | -4/+4
  A mixture of implicit and explicit tagging was being used and this caused a bug in retrieving the enctype number due to the way ber_scanf() loosely treats sequences and explicit tagging.
  The ASN.1 notation used to describe the getkeytab operation uses implicit tagging, so by changing the code we simply follow the specified encoding.
  Resolves: https://fedorahosted.org/freeipa/ticket/4404
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Do not corrupt sshd_config in client install when trailing newline is missing. | Jan Cholasta | 2014-06-26 | 1 | -25/+17
  https://fedorahosted.org/freeipa/ticket/4373
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* man: Add -r option to ipa-getkeytab.1 | Simo Sorce | 2014-06-26 | 1 | -1/+7
  Update the man page with the new ipa-getkeytab option.
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipa-getkeytab: Add support for get_keytab extop | Simo Sorce | 2014-06-26 | 1 | -5/+305
  This new extended operation is tried by default and then the code falls back to the old method if it fails. The new method allows for server side password generation as well as retrieval of existing credentials w/o causing regeneration of keys on the server.
  Resolves: https://fedorahosted.org/freeipa/ticket/3859
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipa-getkeytab: Modularize ldap_set_keytab function | Simo Sorce | 2014-06-26 | 1 | -138/+181
  Isolate parts that will be reused in following patches.
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipaplatform: Move paths from installers to paths module | Tomas Babej | 2014-06-26 | 2 | -79/+78
  Part of: https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Pylint fixes | Tomas Babej | 2014-06-16 | 1 | -15/+15
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Move all filesystem paths to ipaplatform.paths module | Tomas Babej | 2014-06-16 | 2 | -5/+7
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Remove redundant imports of ipaservices | Tomas Babej | 2014-06-16 | 2 | -4/+2
  Also fixes a few incorrect imports.
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Change paths dependant on ipaservices to use ipaplatform.paths | Tomas Babej | 2014-06-16 | 1 | -4/+7
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Change service code in freeipa to use ipaplatform services | Tomas Babej | 2014-06-16 | 3 | -45/+47
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Change platform dependant code in freeipa to use ipaplatform tasks | Tomas Babej | 2014-06-16 | 3 | -12/+14
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Do not require custom Authconfig implementations from platform modules | Tomas Babej | 2014-06-16 | 1 | -63/+16
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Moved Fedora 16 service implementations and refactored them as base Fedora module service implementations | Tomas Babej | 2014-06-16 | 1 | -1/+0
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* admin tools: Log IPA version | Petr Viktorin | 2014-05-27 | 1 | -0/+1
  Add the IPA version, and vendor version if applicable, to the beginning of admintool logs -- both framework and individual tools that don't yet use the framework.
  This will make debugging easier.
  https://fedorahosted.org/freeipa/ticket/4219
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-client-automount should not configure nsswitch.conf manually | Gabe | 2014-05-16 | 1 | -6/+5
  https://fedorahosted.org/freeipa/ticket/3733
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa-client-automount: Use rpcclient, not xmlclient, for automountlocation_show | Petr Viktorin | 2014-05-14 | 1 | -1/+1
  Fix for a regression in 66fb4d5e849a049e95d3ef4fcf2b86217488634d
  https://fedorahosted.org/freeipa/ticket/4290
* ipa-client-install: Configure sudo to use SSSD as data source | Tomas Babej | 2014-05-09 | 2 | -1/+86
  Makes ipa-client-install configure SSSD as the data provider for the sudo service by default. This behaviour can be disabled by using --no-sudo flag.
  https://fedorahosted.org/freeipa/ticket/3358
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-client: Set NIS domain name in the installer | Tomas Babej | 2014-05-09 | 2 | -0/+71
  Provides two new options for the ipa-client-install:
    --nisdomain: specifies the NIS domain name
    --no_nisdomain: flag to avoid setting the NIS domain name
  In case no --nisdomain is specified and --no_nisdomain flag was not set, the IPA domain is used.
  Manual pages updated.
  http://fedorahosted.org/freeipa/ticket/3202
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fixed various typos in ipa-client-install man page | Thorsten Scherf | 2014-05-06 | 1 | -3/+3
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Add wait_for_dns option to default.conf. | Petr Spacek | 2014-04-04 | 1 | -0/+9
  This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol or until timeout.
  It is intended only for testing. It should prevent tests from failing if there is a bigger delay between changes in LDAP and DNS.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Make ipa-client-automount backwards compatible | Martin Kosek | 2014-04-02 | 1 | -1/+6
  ipa-client-automount calls automountlocation-show command during the process. Unfortunately, FreeIPA commands are forward compatible only and thus fail the installer.
  Similarly to ipa-client-install, call XML-RPC interface directly with version fixed to 2.0 (command was already available at that version) to fix the failure.
  https://fedorahosted.org/freeipa/ticket/4290
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Move CACERT definition to a single place. | Jan Cholasta | 2014-03-25 | 2 | -3/+1
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix order of synchronizing time when running ipa-client-install | Gabe | 2014-03-20 | 1 | -17/+19
  When running ipa-client-install, it asks for user name, synchronizes time, then asks for user password; this order could be confusing to some users. This changes ipa-client-install to synchronize time before prompting for user kerberos authentication.
  https://fedorahosted.org/freeipa/ticket/3957
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* man: sshd should be run at least once before client enrollment | Tomas Babej | 2014-03-05 | 1 | -0/+3
  If SSH keys have not been generated prior to enrolling the client to the IPA server, they will not be uploaded to the server, since they're not present. Clarify this issue in the man pages.
  https://fedorahosted.org/freeipa/ticket/4055
  Reviewed-By: Jan Pazdziora <jpazdziora@redhat.com>
* Improve error message on failed Kerberos authentication | Ana Krivokapic | 2014-02-18 | 1 | -2/+2
  When ipa client installation fails due to failed Kerberos authentication, make sure that the message about the failed authentication is displayed last. This makes it clear to the user that this was the reason for failed installation.
  https://fedorahosted.org/freeipa/ticket/3573
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa-join usage instructions are incorrect | Gabe | 2014-02-18 | 1 | -1/+1
  Parameter -s for ipa-join has hostame instead of hostname
  https://fedorahosted.org/freeipa/ticket/3250
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Enable building in C99 mode | Nathaniel McCallum | 2014-02-14 | 1 | -1/+1
  C99 is supported on all compilers we target and provides some useful features, including:
    * Standard struct initializers
    * Compound literals
    * For-loop declarations
    * Standard bool type
    * Variable arrays (use with caution)
    * Too many others to mention...
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ntpconf: remove redundant comment | Martin Kosek | 2014-01-24 | 1 | -2/+1
  https://fedorahosted.org/freeipa/ticket/4094
* Fix ntpd config on clients. | Jan Cholasta | 2014-01-24 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/4094
* Fix ipa-client-automount uninstall when fstore is empty. | Jan Cholasta | 2014-01-15 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/4091
* Make sure state of services is preserved after client uninstall | Ana Krivokapic | 2014-01-14 | 1 | -34/+47
  IPA client installation did not preserve the status of nscd and nslcd services correctly. E.g. nscd would be started after uninstallation, even though it wasn't running before client installation. Make sure the state of services is saved before installation and correctly restored after uninstallation.
  https://fedorahosted.org/freeipa/ticket/3790
* Use /usr/bin/python2 | Xiao-Long Chen | 2014-01-03 | 2 | -2/+2
  Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default.
  FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2
  https://fedorahosted.org/freeipa/ticket/3438
  Updated by pviktori@redhat.com
* ipa-client-install: Always pass hostname to the ipa-join | Tomas Babej | 2013-12-09 | 1 | -4/+4
  The ipa-client-install script and ipa-join use different methods of resolving the hostname, the former uses gethostbyaddr() call, while the latter reads the "uinfo.nodename".
  This can result in ipa-client-install failures in case of broken PTR records.
  https://fedorahosted.org/freeipa/ticket/4027