From ab1667f3c1607a22c6df49ceba58274347bc5826 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 24 Nov 2009 16:07:44 -0500
Subject: Use pyasn1-based PKCS#10 and X509v3 parsers instead of pyOpenSSL.

The pyOpenSSL PKCS#10 parser doesn't support attributes so we can't identify
requests with subject alt names.

Subject alt names are only allowed if:
  - the host for the alt name exists in IPA
  - if binding as host principal, the host is in the services managedBy attr
---
 install/tools/ipa-server-install | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'install/tools')

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index be525f73d..0b2660f3a 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -787,6 +787,10 @@ def main():
     service.print_msg("restarting the KDC")
     krb.restart()
 
+    # Restart httpd to pick up the new IPA configuration
+    service.print_msg("restarting the web server")
+    http.restart()
+
     # Create a BIND instance
     bind = bindinstance.BindInstance(fstore, dm_password)
     bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders)
-- 
cgit