summaryrefslogtreecommitdiffstats
path: root/ipa-install
diff options
context:
space:
mode:
Diffstat (limited to 'ipa-install')
-rw-r--r--ipa-install/README21
-rw-r--r--ipa-install/share/bind.zone.db.template26
-rw-r--r--ipa-install/share/fedora-ds.init.patch12
-rw-r--r--ipa-install/share/krb5.conf.template42
4 files changed, 101 insertions, 0 deletions
diff --git a/ipa-install/README b/ipa-install/README
new file mode 100644
index 00000000..31e7375f
--- /dev/null
+++ b/ipa-install/README
@@ -0,0 +1,21 @@
+
+Required packages:
+
+krb5-server
+fedora-ds-base
+openldap-clients
+krb5-server-ldap
+cyrus-sasl-gssapi
+
+
+Installation example:
+
+TEMPORARY: (until fedora ds scripts are fixed)
+please use the fedora-ds.init.patch under share/ to patch your init scripts before
+running ipa-server-install
+
+cd ipa-install
+make install
+cd ..
+/usr/sbin/ipa-server-install -u fds -r FREEIPA.ORG -p freeipa -m ipafree
+
diff --git a/ipa-install/share/bind.zone.db.template b/ipa-install/share/bind.zone.db.template
new file mode 100644
index 00000000..e846c4f2
--- /dev/null
+++ b/ipa-install/share/bind.zone.db.template
@@ -0,0 +1,26 @@
+$$ORIGIN $DOMAIN.
+$$TTL 86400
+@ IN SOA $DOMAIN. root.$DOMAIN. (
+ 01 ; serial (d. adams)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum
+
+ IN NS $HOST
+$HOST IN A $IP
+;
+; ldap servers
+_ldap._tcp IN SRV 0 100 389 $HOST
+
+;kerberos realm
+_kerberos IN TXT $REALM
+
+; kerberos servers
+_kerberos._tcp IN SRV 0 100 88 $HOST
+_kerberos._udp IN SRV 0 100 88 $HOST
+_kerberos-master._tcp IN SRV 0 100 88 $HOST
+_kerberos-master._udp IN SRV 0 100 88 $HOST
+_kpasswd._tcp IN SRV 0 100 88 $HOST
+_kpasswd._udp IN SRV 0 100 88 $HOST
+
diff --git a/ipa-install/share/fedora-ds.init.patch b/ipa-install/share/fedora-ds.init.patch
new file mode 100644
index 00000000..88a04fc2
--- /dev/null
+++ b/ipa-install/share/fedora-ds.init.patch
@@ -0,0 +1,12 @@
+--- /etc/init.d/fedora-ds.orig 2007-07-06 18:21:30.000000000 -0400
++++ /etc/init.d/fedora-ds 2007-05-18 19:36:24.000000000 -0400
+@@ -10,6 +10,9 @@
+ # datadir: /var/lib/fedora-ds/slapd-<instance name>
+ #
+
++# Get config.
++[ -r /etc/sysconfig/fedora-ds ] && . /etc/sysconfig/fedora-ds
++
+ # Source function library.
+ if [ -f /etc/rc.d/init.d/functions ] ; then
+ . /etc/rc.d/init.d/functions
diff --git a/ipa-install/share/krb5.conf.template b/ipa-install/share/krb5.conf.template
new file mode 100644
index 00000000..23a24703
--- /dev/null
+++ b/ipa-install/share/krb5.conf.template
@@ -0,0 +1,42 @@
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ default_realm = $REALM
+ dns_lookup_realm = true
+ dns_lookup_kdc = true
+ ticket_lifetime = 24h
+ forwardable = yes
+
+[realms]
+ $REALM = {
+ kdc = $FQDN:88
+ admin_server = $FQDN:749
+ default_domain = $DOMAIN
+}
+
+[domain_realm]
+ .$DOMAIN = $REALM
+ $DOMAIN = $REALM
+
+[appdefaults]
+ pam = {
+ debug = false
+ ticket_lifetime = 36000
+ renew_lifetime = 36000
+ forwardable = true
+ krb4_convert = false
+ }
+
+[dbmodules]
+ $REALM = {
+ db_library = kldap
+ ldap_servers = ldap://127.0.0.1/
+ ldap_kerberos_container_dn = cn=kerberos,$SUFFIX
+ ldap_kdc_dn = uid=kdc,cn=kerberos,$SUFFIX
+ ldap_kadmind_dn = uid=kdc,cn=kerberos,$SUFFIX
+ ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd
+ }
+
generated by cgit (git 2.34.1) at 2025-09-11 12:01:52 +0000