| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will create a host service principal and may create a host entry (for
admins). A keytab will be generated, by default in /etc/krb5.keytab
If no kerberos credentails are available then enrollment over LDAPS is used
if a password is provided.
This change requires that openldap be used as our C LDAP client. It is much
easier to do SSL using openldap than mozldap (no certdb required). Otherwise
we'd have to write a slew of extra code to create a temporary cert database,
import the CA cert, ...
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
We used to install it as ipa, now installing it as ipapython. The rpm
is still ipa-python.
|
| |
|
|
|
|
| |
Also cheat a little and don't force auto* to require files to exist
|
|
|
|
| |
463548
|
|
|
|
|
|
|
|
|
|
|
| |
rest of the krb5.conf configuration were. This clearly breaks
with the default EXAMPLE.COM realm configuratrion. Furthermore
it makes it not possible to try to 'fix' an installation by
rerruninng ipa-client-install
This patch removes the special case and avoids krb5.conf only
if the on_master flag is passed.
Fix also one inner 'if' statement to be simpler to understand.
|
|
|
|
|
| |
1. Allow to specify the salt type along with the enctype
2. Allow to specify a password instead of forcing a random secret
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix make maintainer-clean
Also make RPM naming consistent by using a temp RELEASE file.
This one helps when testing builds using rpms.
Just 'echo X > RELEASE' to build a new rpms (X, X+1, X+2 ...)
Version 1.1.0 was released some times ago, bump up to 1.1.1
|
| |
|
|
|
|
| |
unused variables or missing krb5 prototypes.
|
|
|
|
| |
return in case any encryption type was explicitly requested
|
|
|
|
| |
438771
|
|
|
|
| |
443009
|
|
|
|
|
|
| |
on a separate line so moving it up front makes it easier to find.
443014
|
|
|
|
|
|
| |
it can be used by the client tool.
Fix the client tool imports to fail more gracefully.
|
|
|
|
| |
discovery fails to find them.
|
|
|
|
|
| |
configuration look at the specific tree where users are and
not search the full server.
|
|
|
|
|
| |
add the domain to the ipa.conf file for apps that need to know
This should fix a bug in the replica setup
|
|
|
|
| |
446869
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've been on a crusade (;-) to remove useless if-before-free tests,
so ran a script that spotted some here. I think I removed the first
batch (without braces) automatically, then manually removed the ones
with curly braces around the free statements.
You may well have doubts about the portability of removing those
tests, but as long as you don't care about SunOS4 or earlier, you'll
be fine. I've done similar things for e.g., coreutils, glibc, and git,
and have had no problems.
|
|
|
|
| |
446201
|
|
|
|
|
|
|
|
|
| |
We were just shutting down the KDC if it had been started prior to IPA
installation. We need to stop it in all cases.
And we should restart nscd as it may have made an LDAP connection.
440322
|
|
|
|
| |
thanks Nalin for spotting this.
|
|
|
|
|
| |
and avoid searching for KDC servers via DNS, we just connect
to ourselves.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The file VERSION is now the sole-source of versioning.
The generated .spec files will been removed in the maintainer-clean targets
and have been removed from the repository.
By default a GIT build is done. To do a non-GIT build do:
$ make TARGET IPA_VERSION_IS_GIT_SNAPSHOT=no
When updating the version you can run this to regenerate the version:
$ make version-update
The version can be determined in Python by using ipaserver.version.VERSION
|
|
|
|
|
|
|
|
|
| |
FreeIPA relies on RedHat's Directory Server, which uses mozldap.
A FreeIPA build using mozldap would reduce the project's dependencies and
redundant code. In addition, mozldap uses NSS instead of OpenSSL.
This is beneficial for the reasons listed in [1].
[1] http://fedoraproject.org/wiki/FedoraCryptoConsolidation
|
| |
|
| |
|
|
|
|
| |
442136
|
|
|
|
| |
with discovered options, just verified.
|
| |
|
|
|
|
| |
It makes a huge difference on clients, if we cache lookups
|
|
|
|
|
|
|
|
| |
- Make sure timeouts are not too high, so that machine does not hang if remote
servers are not reachable
- Make sure root can always login no matter what the status of the ldap
servers
- use rfc2307bis schema directive
|
|
|
|
| |
(including RHEL4 contrib setup script)
|
|
|
|
| |
436501
|
| |
|
| |
|
|
|
|
|
|
| |
Return message on success
Avoid SASL output from being printed
Make sure the man page is up to date
|
|
|
|
|
|
|
| |
Improve LDAP error reporting
Don't return the str() of discovery values because it can return "None"
436130
|
|
|
|
|
|
| |
Put installation log files into /var/log.
430024
|
|
|
|
|
| |
Move imports into try/except so that ctrl-C can always be caught
Fix typo
|
|
|
|
|
|
|
| |
Don't allow empty responses to domain and realm name
Handle ctrl-C
434982
|