pki.git/base/ca/shared, branch alee-76 Unnamed repository; edit this file 'description' to name the repository. Provide option to install, rather than replicate schema in a clone 2012-10-22T14:37:47+00:00 Ade Lee alee@redhat.com 2012-10-19T05:35:04+00:00 48d2e92bc81d20b27ce4f6e2533d2d4cf70055bf 






Reorder VLV indexing for clones to avoid errors
2012-10-22T14:36:50+00:00

Ade Lee
alee@redhat.com

2012-10-18T05:20:46+00:00

a191e9632cebe547b3e23c1d7dca688b294dd880












Enabled authentication for security domain REST interface.
2012-10-18T15:06:54+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-09-06T21:33:48+00:00

168d95446c3a7ae8643128a51fa86dd326e3a6a8

The REST interface for security domain has been refactored and
configured such that it requires authentication. A CLI has been
added to get an installation token.

Ticket #309





The REST interface for security domain has been refactored and
configured such that it requires authentication. A CLI has been
added to get an installation token.

Ticket #309







Using RPM version number in CMake.
2012-10-01T18:15:44+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-09-30T17:21:46+00:00

f81718c563ea12240e161a807013acd2d6eb1f2e

The RPM spec files have been modified to pass the full RPM version
number to CMake. The version number contains the product version
number, release number, milestone, and platform. The CMake scritps
will parse and use this version number to generate Java manifest
files. The product version number will be used as the specification
version and full version number will be used as the implementation
version.

Ticket #339





The RPM spec files have been modified to pass the full RPM version
number to CMake. The version number contains the product version
number, release number, milestone, and platform. The CMake scritps
will parse and use this version number to generate Java manifest
files. The product version number will be used as the specification
version and full version number will be used as the implementation
version.

Ticket #339







Audit Cert Renewal
2012-09-21T00:08:50+00:00

Matthew Harmsen
mharmsen@redhat.com

2012-09-20T17:23:47+00:00

f5b8ea5b087f642a0208c228dce6f700cd7d91c1

* TRAC Ticket #333 - Increase audit cert renewal range to 2 years
* Bugzilla Bug #843979 - Increase audit cert renewal range to 2 years





* TRAC Ticket #333 - Increase audit cert renewal range to 2 years
* Bugzilla Bug #843979 - Increase audit cert renewal range to 2 years







Added common ROOT webapp.
2012-09-12T17:38:58+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-08-28T19:14:54+00:00

7c622a4e5714af8f83ce30022c970cc36c2ee597

The current ROOT webapp will redirect users coming to the root
URL path to the proper path of the subsystem's webapp.

Since now a single Tomcat instance may have multiple subsystems,
a new ROOT webapp has been added to present the user with a menu
of all available webapps from all subsystems in the instance.

Ticket #89





The current ROOT webapp will redirect users coming to the root
URL path to the proper path of the subsystem's webapp.

Since now a single Tomcat instance may have multiple subsystems,
a new ROOT webapp has been added to present the user with a menu
of all available webapps from all subsystems in the instance.

Ticket #89







Added proxy realm.
2012-09-05T15:09:41+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-08-21T22:38:29+00:00

8eb2eac080c2e9595b506f49f25d2c1718453bbc

CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.

Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.

Ticket #89





CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.

Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.

Ticket #89







Enabled SSL authenticator and PKI realm.
2012-08-03T22:07:20+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-07-27T01:40:08+00:00

9ca367e9c16273af11909f4c72f9c5cf5ddb0b4d

The SSL connection has been configured with clientAuth="want" so
users can choose whether to provide a client certificate or username
and password. The authentication and authorization will be handled
by the SSL authenticator with fallback and PKI realm. New access
control rules have been added for users, groups, and certs REST
services.

Ticket #107





The SSL connection has been configured with clientAuth="want" so
users can choose whether to provide a client certificate or username
and password. The authentication and authorization will be handled
by the SSL authenticator with fallback and PKI realm. New access
control rules have been added for users, groups, and certs REST
services.

Ticket #107







Moved REST services into separate URLs.
2012-08-03T22:07:13+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-07-27T01:40:08+00:00

eca4d635e67eaf3c6878d35acfaaf11df53151e2

To support different access control configurations the REST
services have been separated by roles. Services that don't
need authentication will be available under /rest. Services
that require agent rights will be available under /rest/agent.
Services that require admin rights will be available under
/rest/admin.

Ticket #107





To support different access control configurations the REST
services have been separated by roles. Services that don't
need authentication will be available under /rest. Services
that require agent rights will be available under /rest/agent.
Services that require admin rights will be available under
/rest/admin.

Ticket #107







ECC directory enrollment profile
2012-08-02T22:48:56+00:00

Andrew Wnuk
awnuk@redhat.com

2012-08-02T22:48:56+00:00

1d85941aa2f80f3da619504fe4310fe47cb5b036

This patch adds ECC directory enrollment profile.

Bug: 748514.





This patch adds ECC directory enrollment profile.

Bug: 748514.