summaryrefslogtreecommitdiffstats
path: root/ipa.spec.in
Commit message (Collapse)AuthorAgeFilesLines
* Add new plugin used to modify related attributes after a modrdn operation.Simo Sorce2010-10-281-0/+2
|
* remove rule for inc files.Adam Young2010-10-251-1/+0
|
* Grant /usr/sbin/ipa_kpasswd "name_bind" access.Rob Crittenden2010-10-221-1/+3
| | | | | | | Requires selinux-policy-3.6.32-123 on F12 Requires selinux-policy-3.7.19-40 on F13 ticket 73
* Add default python encoding module to reset default from ascii to utf-8Rob Crittenden2010-10-221-2/+7
| | | | Also clean up some duplicate files in the rpm for the UI.
* ipa-uuid: DNA-like plugin that generates uuidsSimo Sorce2010-10-221-0/+2
|
* Add Requires on ipa-client to ipa-admintools, ensure ipa client is configuredRob Crittenden2010-10-151-0/+1
| | | | | | | | | | It makes little sense to install ipa-admintools without ipa-client, require it. Also see if the client has been configured. This is a bit tricky since we have a full set of defaults. Add a new env option that gets set if at least one configuration file is loaded. ticket 213
* Drop python-configobj from Requires and remove message about ipa-ldap-updaterRob Crittenden2010-09-231-6/+4
| | | | | | | | python-configobj is a leftover from TurboGears requires as far as I can tell. The ipa-ldap-updater message was supposed to detect when an upgrade was installed but not applied. We are doing upgrades differently in v2. tickets 141 and 219
* Big webUI patch.Pavel Zuna2010-09-171-0/+1
| | | | | | | | | | | | | Quick summary: - use jQuery UI and jQuery BBQ libraries - code restructuring The patch has so many changes they can't be listed here. Many parts of the code have been rewritten from scrach. See freeipa-devel mailing list: webUI code restructuring [wall of text, diagrams, ... you've been warned!] 2010-09-07
* Clean up the spec file, add Requires for nss-pam-ldapd for F14+Rob Crittenden2010-09-101-14/+17
| | | | | | | | Also do the following: - Remove conflicts on mod_ssl - Remove a lot of version checking for EOL'd Fedora versions - Add a few conditionals for rhel6 - Add Requires of nss-tools on ipa-client
* Break out install into more steps, add -key_algorithm to pkisilentRob Crittenden2010-08-191-3/+10
| | | | | | | | | | | | | Installing dogtag is quite slow and it isn't always clear that things are working. This breaks out some restart calls into separate steps to show some amount of progress. There are still some steps that take more than a minute (pkicreate and pkisilent). Add new argument to pkisilent, -key_algorithm Update a bunch of minimum required versions in the spec file. tickets 139 (time) and 144 (key_algorithm)
* Add a BuildRequires for authconfigRob Crittenden2010-08-161-0/+4
| | | | ticket 137
* Changes to the install and config files to support deploying the javascript ↵Adam Young2010-08-061-0/+6
| | | | code.
* Drop our own PKCS#10 ASN.1 decoder and use the one from python-nssRob Crittenden2010-07-291-1/+4
| | | | | | | | | | | | | | | This patch: - bumps up the minimum version of python-nss - will initialize NSS with nodb if a CSR is loaded and it isn't already init'd - will shutdown NSS if initialized in the RPC subsystem so we use right db - updated and added a few more tests Relying more on NSS introduces a bit of a problem. For NSS to work you need to have initialized a database (either a real one or no_db). But once you've initialized one and want to use another you have to close down the first one. I've added some code to nsslib.py to do just that. This could potentially have some bad side-effects at some point, it works ok now.
* This patch removes the existing UI functionality, as a prep for adding the ↵Adam Young2010-07-291-4/+3
| | | | Javascript based ui.
* Include missing file from version plugin and update min version of 389-dsRob Crittenden2010-06-241-2/+7
|
* Replication version checking.Rob Crittenden2010-06-241-0/+2
| | | | | | | | Whenever we upgrade IPA such that any data incompatibilities might occur then we need to bump the DATA_VERSION value so that data will not replicate to other servers. The idea is that you can do an in-place upgrade of each IPA server and the different versions own't pollute each other with bad data.
* Drop --with-openldap option in the client. This is no longer optional.Rob Crittenden2010-06-211-1/+1
|
* use NSS for SSL operationsJohn Dennis2010-06-151-1/+1
|
* Remove Requires on separate package python-krbV in clientRob Crittenden2010-06-021-1/+3
| | | | | | We need the configured kerberos realm so we can clean up /etc/krb5.keytab. We have this already in /etc/ipa/default.conf so use that instead of requiring a whole other python package to do it.
* Move the dogtag SELinux rules loading into the spec fileRob Crittenden2010-05-271-2/+5
| | | | | | I couldn't put the dogtag rules into the spec file until we required dogtag as a component. If it wasn't pre-loaded them the rules loading would fail because types would be missing.
* client installation fixes: nscd, sssd min version, bogus join errorRob Crittenden2010-05-031-2/+5
| | | | | | - Don't run nscd if using sssd, the caching of nscd conflicts with sssd - Set the minimum version of sssd to 1.1.1 to pick up needed hbac fixes - only try to read the file configuration if the server isn't passed in
* Add ipa man page.Pavel Zuna2010-04-071-0/+1
|
* Fix the client and client-rpms make targetsrcrit2010-03-191-2/+2
|
* Don't create /var/log/ipa_error.log since we aren't using TurboGears any more.Rob Crittenden2010-03-081-4/+4
|
* Install Contributors.txtJohn Dennis2010-03-041-6/+6
|
* Make the CA a required component and configured by default.Rob Crittenden2010-03-021-0/+1
| | | | | | | | To install IPA without dogtag use the --selfsign option. The --ca option is now deprecated. 552995
* Fixed ipa.spec.in to include share/ipa/wsgi.py*Jason Gerard DeRose2010-03-011-1/+4
|
* Run ipaserver under mod_wsgiJason Gerard DeRose2010-03-011-0/+5
|
* Add fix for wehjit (ctypes) SELinux problemJason Gerard DeRose2010-02-121-3/+6
|
* Add support for building internationalized translations.John Dennis2010-02-091-1/+5
| | | | | | | | | | | A new directory install/po has been added which contains all the translations for all files in IPA. The build has been agumented to build these files. Also the autogen.sh script was mostly replaced by autoreconf, the preferred method. The old autogen.sh sript also had some serious bugs in the way it compared versions which caused it to run old versions of some of the tools, using standared autoreconf is much better.
* Add ipa-dns-install scriptMartin Nagy2010-02-091-0/+1
| | | | Unfortunately, for now there is no --uninstall option.
* Configure sssd and certmonger in ipa-client-installRob Crittenden2010-02-031-0/+5
| | | | | | | | | | | This does a number of things under the hood: - Use authconfig to enable sssd in nss and pam - Configure /etc/sssd/sssd.conf to use our IPA provider - Enable the certmonger process and request a server cert - join the IPA domain and retrieve a principal. The clinet machine *must* exist in IPA to be able to do a join. - And then undo all this on uninstall
* Update spec to require python-wehjit >= 0.2.0Jason Gerard DeRose2010-01-271-1/+4
|
* Add DS migration plugin and password migration page.Pavel Zuna2010-01-201-0/+6
|
* Replace uses of %define with %global in the .spec fileRob Crittenden2010-01-071-7/+7
| | | | | | | Fixes rawhide builds per https://www.redhat.com/archives/fedora-devel-list/2010-January/msg00093.html Contributed by Nalin Dahyabhai
* A utility for removing principals from a keytab.Rob Crittenden2009-12-041-0/+5
| | | | | | | | | | | | When we un-enroll a client we'll do a bit of cleanup including removing any principals for the IPA realm from /etc/krb5.keytab. This removes principals in 2 ways: - By principal, only entries matching the full principal are removed - By realm. Any principal for that realm is removed This does not change the KDC at all, just removes entries from a file on the client machine.
* Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1 Any typeRob Crittenden2009-12-021-1/+5
|
* Replace /etc/ipa/ipa.conf with /etc/ipa/default.confRob Crittenden2009-12-011-3/+6
| | | | | | | The new framework uses default.conf instead of ipa.conf. This is useful also because Apache uses a configuration file named ipa.conf. This wipes out the last vestiges of the old ipa.conf from v1.
* Add SELinux policy for CRL file publishing.Rob Crittenden2009-11-261-0/+1
| | | | | | | | | | This policy should really be provided by dogtag. We don't want to grant read/write access to everything dogtag can handle so we change the context to cert_t instead. But we have to let dogtag read/write that too hence this policy. To top it off we can't load this policy unless dogtag is also loaded so we insert it in the IPA installer
* Bash tab completion scriptRob Crittenden2009-11-251-0/+11
|
* Require current versions of python-nss & python-lxmlJohn Dennis2009-11-231-1/+2
| | | | | | ipa.spec.in | 3 ++- ipapython/nsslib.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-)
* Add SELinux policy for UI assetsRob Crittenden2009-11-041-3/+5
| | | | | | | | This also removes the Index option of /ipa-assets as well as the deprecated IPADebug option. No need to build or install ipa_webgui anymore. Leaving in the code for reference purposes for now.
* ipa-server-install now renders UI assetsJason Gerard DeRose2009-11-041-0/+1
|
* Add a separate client-only targetRob Crittenden2009-10-171-4/+37
|
* Giant webui patch take 2Jason Gerard DeRose2009-10-131-2/+6
|
* Add man page for ipa-join commandRob Crittenden2009-10-121-0/+1
|
* No longer use the IPA-specific memberof plugin. Use the DS-supplied one.Rob Crittenden2009-10-121-2/+0
|
* Properly own (via ghost) the Apache configuration files.Rob Crittenden2009-09-281-2/+6
|
* Added BuildRequires: xmlrpc-c-develJason Gerard DeRose2009-09-241-0/+1
|
* Enrollment for a host in an IPA domainRob Crittenden2009-09-241-1/+4
| | | | | | | | | | | | This will create a host service principal and may create a host entry (for admins). A keytab will be generated, by default in /etc/krb5.keytab If no kerberos credentails are available then enrollment over LDAPS is used if a password is provided. This change requires that openldap be used as our C LDAP client. It is much easier to do SSL using openldap than mozldap (no certdb required). Otherwise we'd have to write a slew of extra code to create a temporary cert database, import the CA cert, ...
generated by cgit (git 2.34.1) at 2024-05-21 12:50:57 +0000