diff options
author | Jan Cholasta <jcholast@redhat.com> | 2017-05-03 06:48:57 +0000 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-05-19 12:31:24 +0200 |
commit | 11b8a3434655932fa73f05d4bd864bed0194035c (patch) | |
tree | 7ca2d7ec3c2cd7b94355fb589d5b24a25720e079 /client | |
parent | 01a7416d305ddb11d5b83c99afbacf8ba854c148 (diff) | |
download | freeipa-11b8a3434655932fa73f05d4bd864bed0194035c.tar.gz freeipa-11b8a3434655932fa73f05d4bd864bed0194035c.tar.xz freeipa-11b8a3434655932fa73f05d4bd864bed0194035c.zip |
client install: fix client PKINIT configuration
Set `pkinit_anchors` in `krb5.conf` to a CA certificate bundle of CAs
trusted to issue KDC certificates rather than `/etc/ipa/ca.crt`.
Set `pkinit_pool` in `krb5.conf` to a CA certificate bundle of all CAs
known to IPA.
Make sure both bundles are exported in all installation code paths.
https://pagure.io/freeipa/issue/6831
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'client')
-rw-r--r-- | client/Makefile.am | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/client/Makefile.am b/client/Makefile.am index b6c9dea43..e354cb41a 100644 --- a/client/Makefile.am +++ b/client/Makefile.am @@ -101,4 +101,5 @@ EXTRA_DIST = \ install-data-hook: $(INSTALL) -d -m 755 $(DESTDIR)$(IPA_SYSCONF_DIR)/nssdb + $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/lib/ipa-client/pki $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/lib/ipa-client/sysrestore |