| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4449
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
| |
User can set realm not matching one resolved from DNS. This is useful especially
when DNS is missconfigured.
https://fedorahosted.org/freeipa/ticket/4444
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
FreeIPA certmonger module changed to use D-Bus to communicate with certmonger.
Using the D-Bus API should be more stable and supported way of using cermonger than
tampering with its files.
>=certmonger-0.75.13 is needed for this to work.
https://fedorahosted.org/freeipa/ticket/4280
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
entries
Makes sure that any new sources added are not already present
in the entry.
https://fedorahosted.org/freeipa/ticket/4508
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
All of the certificates and associated key policy are now stored in
/etc/pki/ca-trust/source/ipa.p11-kit.
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
|
|
|
| |
This is a no longer used nickname for CA certificate on CA-less server
installs.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
ipa-client-install runs anonymous search in non-rootdse space which
may raise UNWILLING_TO_PERFORM error. This case was only covered for
BIND, but not for the actual LDAP queries.
https://fedorahosted.org/freeipa/ticket/4459
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Also, make the error messages for this fallback case less scary and
clean up some indentation issues in the nearby code which made this
code difficult to read.
https://fedorahosted.org/freeipa/ticket/4446
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
| |
If create_getkeytab_control fails variable uninitialized pointer 'ld' will be
used.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
| |
Fix ipa-client-install crash when chronyd service fails to start.
https://fedorahosted.org/freeipa/ticket/4273
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
To ensure new NIS domain name is loaded after ipa-client-install
even in case when nisdomainname service is already running, we
need to restart the service rather than starting it.
https://fedorahosted.org/freeipa/ticket/4393
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A mixture of implicit and explicit tagging was being used and this caused
a bug in retrieving the enctype number due to the way ber_scanf() loosely
treat sequences and explicit tagging.
The ASN.1 notation used to describe the getkeytab operation uses implicit
tagging, so by changing the code we simply follow to the specified encoding.
Resolves: https://fedorahosted.org/freeipa/ticket/4404
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4373
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
| |
Update the man page with the new ipa-getkeytab option.
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new extended operation is tried by default and then the code falls
back to the old method if it fails. The new method allows for server
side password generation as well as retrieval of existing credentials
w/o causing regeneration of keys on the server.
Resolves:
https://fedorahosted.org/freeipa/ticket/3859
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
|
|
|
| |
Isolate parts that will be reused in following patches.
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
| |
Also fixes few incorrect imports.
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
| |
modules
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
| |
base Fedora module service implementations
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Add the IPA version, and vendor version if applicable, to the beginning
of admintool logs -- both framework and indivitual tools that don't yet
use the framework.
This will make debugging easier.
https://fedorahosted.org/freeipa/ticket/4219
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3733
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
| |
Fix for a regression in 66fb4d5e849a049e95d3ef4fcf2b86217488634d
https://fedorahosted.org/freeipa/ticket/4290
|
|
|
|
|
|
|
|
|
|
|
| |
Makes ipa-client-install configure SSSD as the data provider
for the sudo service by default. This behaviour can be disabled
by using --no-sudo flag.
https://fedorahosted.org/freeipa/ticket/3358
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provides two new options for the ipa-client-install:
--nisdomain: specifies the NIS domain name
--no_nisdomain: flag to aviod setting the NIS domain name
In case no --nisdomain is specified and --no_nisdomain flag was
not set, the IPA domain is used.
Manual pages updated.
http://fedorahosted.org/freeipa/ticket/3202
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
| |
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This option makes record changes in DNS tree synchronous.
IPA calls will wait until new data are visible over DNS protocol
or until timeout.
It is intended only for testing. It should prevent tests from
failing if there is bigger delay between changes in LDAP and DNS.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ipa-client-automount calls automountlocation-show command during the
process. Unfortunately, FreeIPA commands are forward compatible only
and thus fail the installer.
Similarly to ipa-client-install, call XML-RPC interface directly
with version fixed to 2.0 (command was already available at that
version) to fix the failure.
https://fedorahosted.org/freeipa/ticket/4290
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
When running ipa-client-install, it asks for user name, synchronizes time, then asks for user password
which the order could be confusing to some users. This changes ipa-client-install to synchronize time
before prompting for user kerberos authentication.
https://fedorahosted.org/freeipa/ticket/3957
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
If SSH keys have not been generated prior to enrolling the client to the
IPA server, they will not be uploaded to the server, since they're not
present. Clarify this issue in the man pages.
https://fedorahosted.org/freeipa/ticket/4055
Reviewed-By: Jan Pazdziora <jpazdziora@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
When ipa client installation fails due to failed Kerberos authentication,
make sure that the message about the failed authentication is displayed last.
This makes it clear to the user that this was the reason for failed
installation.
https://fedorahosted.org/freeipa/ticket/3573
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
| |
Parameter -s for ipa-join has hostame instead of hostname
https://fedorahosted.org/freeipa/ticket/3250
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
C99 is supported on all compilers we target and
provides some useful features, including:
* Standard struct initializers
* Compound literals
* For-loop declarations
* Standard bool type
* Variable arrays (use with caution)
* Too many others to mention...
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4094
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4094
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4091
|
|
|
|
|
|
|
|
|
| |
IPA client installation did not preserve the status of nscd and nslcd services
correctly. E.g. nscd would be started after uninstallation, even though it
wasn't running before client installation. Make sure the state of services is
saved before installation and correctly restored after uninstallation.
https://fedorahosted.org/freeipa/ticket/3790
|
|
|
|
|
|
|
|
|
|
|
|
| |
Part of the effort to port FreeIPA to Arch Linux,
where Python 3 is the default.
FreeIPA hasn't been ported to Python 3, so the code must be modified to
run /usr/bin/python2
https://fedorahosted.org/freeipa/ticket/3438
Updated by pviktori@redhat.com
|
|
|
|
|
|
|
|
|
|
|
| |
The ipa-client-install script and ipa-join use different methods
of resolving the hostname, the former uses gethostbyaddr() call,
while the latter reads the "uinfo.nodename".
This can result ipa-client-install failures in case of broken PTR
records.
https://fedorahosted.org/freeipa/ticket/4027
|