pki.git/base/common/src/com/netscape, branch ticket-309 Unnamed repository; edit this file 'description' to name the repository. Refactored GetCookie servlet. 2012-10-17T23:26:18+00:00 Endi Sukma Dewata edewata@redhat.com 2012-10-15T21:44:14+00:00 ce85954043c1890cd83bdb2ba79e8c92eb4405ae The GetCookie servlet has been refactored to use the new SecurityDomainProcessor. Ticket #309 
The GetCookie servlet has been refactored to use the new
SecurityDomainProcessor.

Ticket #309
Enabled authentication for security domain REST interface. 2012-10-17T23:26:10+00:00 Endi Sukma Dewata edewata@redhat.com 2012-09-06T21:33:48+00:00 2e2a1ed2401a9b0130eb2b5218508f5c1fd569b1 The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309 
The REST interface for security domain has been refactored and
configured such that it requires authentication. A CLI has been
added to get an installation token.

Ticket #309
Reverted to old interface and httpclient to get installation token. 2012-10-12T20:18:10+00:00 Ade Lee alee@redhat.com 2012-10-12T04:40:12+00:00 d6634a7505df8358322b04b8892139195031e5eb This is a workaround until we can get the new interface working on IPA clones. 
This is a workaround until we can get the new interface working on IPA
clones.
Return to d9 behavior for RetrieveModificationsTask 2012-10-12T03:55:12+00:00 Ade Lee alee@redhat.com 2012-10-12T03:17:45+00:00 212ab82665fae5846bb6ad97733ff9ce2c2cb675 






Added version number into server status.
2012-09-28T14:43:26+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-09-28T05:44:14+00:00

87d290dd376514344f7e18cb720e598fcaf7f36c

The GetStatus servlet has been modified to include the server version
number.

Ticket #339





The GetStatus servlet has been modified to include the server version
number.

Ticket #339







fall back to old interface for installtoken if needed
2012-09-28T02:40:00+00:00

Ade Lee
alee@redhat.com

2012-09-25T03:23:06+00:00

854ecce0fc312e65804d84041cbc93b17cce88a5












Renamed escapeDN() into escapeRDNValue().
2012-09-28T02:22:18+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-09-20T15:11:22+00:00

1726794341e9e58256004f040b276fa579161b6b

The escapeDN() has been renamed into escapeRDNValue() for better
clarity.

Ticket #193





The escapeDN() has been renamed into escapeRDNValue() for better
clarity.

Ticket #193







(fixed warning for) task #304 TMS ECC infrastructure (enrollment with client-side and server-side key generation, and key archival)
2012-09-27T00:20:54+00:00

Christina Fu
cfu@redhat.com

2012-09-27T00:20:54+00:00

f4ecf488c402c8aac9334eb8a27c98dfcd5041f6












Use getStatus servlet to provide startup status
2012-09-21T19:42:42+00:00

Ade Lee
alee@redhat.com

2012-09-21T19:40:34+00:00

11e05d322df8ab09673cd9d4918ec39a8cb82999

Ticket 314





Ticket 314







Changes to use standard dbuser
2012-09-20T02:20:34+00:00

Ade Lee
alee@redhat.com

2012-09-19T16:37:41+00:00

e1666df57fb49b4c2c20563559cd2a7450a6f9f4

We create a user that can be used to connect to the database using the
subsystem cert for client auth.  We identified this user, using the seeAlso
attribute and provided certmap rules to this effect.

For this user, we used to reuse the uid = user CA-hostname-port, which is already
created for inter-system communication.  But this is problematic if more than one
dbuser exists, as the directory server may bind as the incorrect user.  In any
replication topology, there must be only one dbuser using the subsystem cert.

To simplify things, we create a new user specifically for this purpose
(pkidbuser), and we remove the seeAlso attribute from the older dbusers.

A script is needed to convert existing dogtag 9 istances to use the new user,
and set the relevant acls.  This will be done in a separate commit.





We create a user that can be used to connect to the database using the
subsystem cert for client auth.  We identified this user, using the seeAlso
attribute and provided certmap rules to this effect.

For this user, we used to reuse the uid = user CA-hostname-port, which is already
created for inter-system communication.  But this is problematic if more than one
dbuser exists, as the directory server may bind as the incorrect user.  In any
replication topology, there must be only one dbuser using the subsystem cert.

To simplify things, we create a new user specifically for this purpose
(pkidbuser), and we remove the seeAlso attribute from the older dbusers.

A script is needed to convert existing dogtag 9 istances to use the new user,
and set the relevant acls.  This will be done in a separate commit.