diff options
| author | Ade Lee <alee@redhat.com> | 2013-09-25 22:09:10 -0400 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2013-09-30 11:52:05 -0400 |
| commit | 6eaf2c01c211cf06053c82b1e296909ce8d874b6 (patch) | |
| tree | 878a2f962d49686706d78d353aac61d839deb2ec /base/server/etc/default.cfg | |
| parent | 5874cad1abe832a4a74cb37a4c22f0e18cf9bd8e (diff) | |
| download | pki-6eaf2c01c211cf06053c82b1e296909ce8d874b6.tar.gz pki-6eaf2c01c211cf06053c82b1e296909ce8d874b6.tar.xz pki-6eaf2c01c211cf06053c82b1e296909ce8d874b6.zip | |
Add service to generate and retrieve a shared secret
A new REST service has been added to the TKS to manage shared secrets.
The shared secret is tied to the TKS-TPS connector, and is created at the
end of the TPS configuration. At this point, the TPS contacts the TKS and
requests that the shared secret be generated. The secret is returned to the
TPS, wrapped using the subsystem certificate of the TPS.
The TPS should then decrypt the shared secret and store it in its certificate
database. This operations requires JSS changes, though, and so will be deferred
to a later patch. For now, though, if the TPS and TKS share the same certdb, then
it is sufficient to generate the shared secret.
Clients and CLI are also provided. The CLI in particular is used to remove the
TPSConnector entries and the shared secret when the TPS is pkidestroyed.
Diffstat (limited to 'base/server/etc/default.cfg')
| -rw-r--r-- | base/server/etc/default.cfg | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index d8ca7fe1f..88f9f780c 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -551,6 +551,7 @@ pki_ca_uri=https://%(pki_hostname)s:%(pki_https_port)s pki_kra_uri=https://%(pki_hostname)s:%(pki_https_port)s pki_tks_uri=https://%(pki_hostname)s:%(pki_https_port)s pki_enable_server_side_keygen=False +pki_import_shared_secret=False # Paths # These are used in the processing of pkispawn and are not supposed |