summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix not so random random passwordsMark McLoughlin2008-01-221-4/+2
| | | | | | | | | | | | | | If you run ipa_generate_password() multiple times, one after the other, then you get the same password each time. This is because it uses the current time to seed the pseudo random number generator. The easiest solution is to just use the default method which seeds itself from /dev/urandom if available, and uses a fractional time value otherwise. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Re-factor the ipa_webgui and ipa_kpasswd instance codeMark McLoughlin2008-01-226-66/+41
| | | | | | | | | The ipa_webgui and ipa_kpasswd instance code is identical and I want to add another similar instance down the line, so re-factor the code into a service.SimpleServiceInstance class. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Initialise DsInstance.pkcs12_infoMark McLoughlin2008-01-221-0/+1
| | | | | | | | DsInstance.pkcs12_info isn't currently initialised in the constructore so, e.g. __enable_ssl() assumes that create_instance() has initialised it. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Small refactor of dsinstance.config_dirname()Mark McLoughlin2008-01-222-13/+13
| | | | | | | | | | | | | If, in future, we change the server ID so that it's not derived from the realm name, there's a fair few places that need to be changed. Make that easier by having config_dirname() take the server ID rather than the realm name. That makes sense anyway so we don't have to realm_to_serverid() so much. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Remove questions from ipaserver.dsinstanceMark McLoughlin2008-01-222-25/+34
| | | | | | | | | | | | | Let's assume that all ipaserver.dsinstance could be used somewhere where asking questions on stdout/stdin is not approriate and re-factor the code to be suitable in those situations too. i.e. make check_existing_installation() return a list of server IDs and make check_ports() return an (unsecure, secure) tuple indication which ports are in use. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Use consistent naming for tools.Rob Crittenden2008-01-259-17/+17
| | | | Resolves 430243
* Listen only on the localhost interfaceRob Crittenden2008-01-251-0/+4
| | | | Resolves bz 430191
* Dropped the last 's' in the sessions cache directoryRob Crittenden2008-01-241-1/+1
|
* Major mistake on my part by adding sessions to the wrong place. This brokeRob Crittenden2008-01-241-1/+1
| | | | ipa_webgui.
* Missed one replacement of pyasn1 -> python-pyasn1Rob Crittenden2008-01-241-1/+1
|
* Include --prefix in all invocations of autogen.sh.Rob Crittenden2008-01-241-2/+2
| | | | Resolves bz 430002
* Use Fedora package names for PyKerberos (python-kerberos) and pyasn1Rob Crittenden2008-01-245-10/+24
| | | | (python-pyasn1) for the specfile Requires.
* Add a copy of the LICENSE and populate some README'sRob Crittenden2008-01-236-0/+486
|
* Enable server-side sessions. It is currently using files for sessions.Rob Crittenden2008-01-237-3/+38
|
* Fix issues reported by rpmlint.Rob Crittenden2008-01-1843-148/+188
| | | | | | | | | | | | | | - Removing shebangs (#!) from a bunch of python libraries - Don't use a variable name in init scripts for the lock file - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init - Add status option to the init scripts - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient) - Remove unnecessary sys.path.append("/usr/share/ipa") - Fix the license string in the spec files - Rename ipa-webgui to ipa_webgui everywhere - Fix a couple of issues reported by pychecker in ipa-python
* Fix case where a question was being asked in unattended mode.Rob Crittenden2008-01-171-2/+10
| | | | | Catch permission errors on install. Initialize srv so the error message works if the user presses enter
* Add cyrus-sasl-gssapi as a requirement.Rob Crittenden2008-01-162-2/+2
|
* Add ipa-server-install --uninstallMark McLoughlin2008-01-118-6/+148
| | | | | | | | Add a --uninstall option to ipa-server-install which tries to restore the system to the way it was before ipa-server-install was run using the state backed up through sysrestore.py. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Backup system state in ipa-server-installRob Crittenden2008-01-1415-20/+375
| | | | | | | | | | | | | This patch adds a sysrestore module which allows ipa-server-install code to backup any system state so that it can be restored again with e.g. ipa-server-install --uninstall. The idea is that any files ipa-server-install modifies gets backed up to /var/cache/ipa/sysrestore/ while any "meta" state, like whether a service is enabled with chkconfig, is saved to /var/cache/ipa/sysrestore.state. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Update the .spec filenames in EXTRA_DISTMark McLoughlin2008-01-112-2/+2
| | | | Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Use tempfile.mkdtemp() rather than hardcoded tmpdirMark McLoughlin2008-01-111-9/+4
| | | | | | | httpinstance.py currently uses a hardcoded /tmp/ipa temporary directory. Make it use tempfile.mkdtemp() instead. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Refactor some krbinstance templating codeMark McLoughlin2008-01-111-25/+12
| | | | Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Use service.py helpersMark McLoughlin2008-01-111-1/+1
| | | | | | | In dsinstance.py, there's one place we could use the service.py helpers where we don't currently. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Add service.is_enabled() helperMark McLoughlin2008-01-112-1/+26
| | | | | | Add a simple helper to check whether a service is enabled. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Add service.is_running() helperMark McLoughlin2008-01-112-10/+12
| | | | | | | | Add a simple helper to check whether a service is running and make ipa-server-install use it to check whether ntpd is running. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Find and delete service principals from the command-line.Rob Crittenden2008-01-114-0/+249
|
* Service principal deletionRob Crittenden2008-01-117-2/+138
|
* Remove registration of get_keytabRob Crittenden2008-01-031-1/+0
|
* Run ipa-webgui as apache and not as rootRob Crittenden2008-01-111-1/+3
|
* Fix help text of -a argumentRob Crittenden2008-01-111-1/+1
|
* Clean up the formatting a little.Rob Crittenden2008-01-043-17/+4
|
* Add man pageRob Crittenden2008-01-041-0/+54
|
* Add function to retrieve a short list of attributes to make ipa-adddelegationRob Crittenden2008-01-046-5/+49
| | | | easier to use.
* Make button test consistent with rest of pageRob Crittenden2008-01-071-1/+1
|
* In add_service_principal() don't let the user pass in the realm.Rob Crittenden2008-01-071-0/+4
| | | | This could result in a principal of the form: service/host@something@REALM
* Use a more obvious name for the subject of the IPA self-signed CARob Crittenden2008-01-041-1/+1
|
* Support getting in a principal with out the REALM partSimo Sorce2007-12-211-2/+15
|
* - Enable ssl for replication.Karl MacMillan2007-12-215-4/+129
| | | | | - Add replication management script that allows listing adding, and deleting replicas.
* Added tag milestone_6 for changeset 84bc1acacd93Karl MacMillan2007-12-211-0/+1
|
* Merge.milestone_6Karl MacMillan2007-12-213-65/+1
|\
| * Finishe removing previous code to fetch keytabsSimo Sorce2007-12-214-66/+1
| |
* | Remove ipa-keytab-util from configure.ac.Karl MacMillan2007-12-212-1/+0
|/
* Remove ipa-keytab-util since it is superceded by the DS plugin.Karl MacMillan2007-12-215-329/+0
|
* Merge version changes with upstreamSimo Sorce2007-12-2116-16/+52
|\
| * Update versions for release.Karl MacMillan2007-12-2116-16/+52
| |
* | Big changeset that includes the work around keytab management.Simo Sorce2007-12-2114-521/+1852
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following the changelog history from my dev tree, some comments are useful imo ------------------------------------------------------ user: Simo Sorce <ssorce@redhat.com> date: Fri Dec 21 03:05:36 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Remove remnants of the initial test tool changeset: 563:4fe574b7bdf1 user: Simo Sorce <ssorce@redhat.com> date: Fri Dec 21 02:58:37 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: Maybe actually encrypting the keys will help :-) changeset: 562:488ded41242a user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:53:50 2007 -0500 files: ipa-server/ipa-install/share/Makefile.am ipa-server/ipa-install/share/default-aci.ldif description: Fixes changeset: 561:4518f6f5ecaf user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:53:32 2007 -0500 files: ipa-admintools/Makefile ipa-admintools/ipa-addservice description: transform the old ipa-getkeytab in a tool to add services as the new ipa-getkeytab won't do it (and IMO it makes more sense to keep the two functions separate anyway). changeset: 559:25a7f8ee973d user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:48:59 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: Bugfixes changeset: 558:28fcabe4aeba user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:48:29 2007 -0500 files: ipa-client/configure.ac ipa-client/ipa-client.spec ipa-client/ipa-client.spec.in ipa-client/ipa-getkeytab.c description: Configure fixes Add ipa-getkeytab to spec Client fixes changeset: 557:e92a4ffdcda4 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:57:10 2007 -0500 files: ipa-client/Makefile.am ipa-client/configure.ac description: Try to make ipa-getkeytab build via autotools changeset: 556:224894175d6b user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:35:56 2007 -0500 files: ipa-admintools/ipa-getkeytab ipa-client/ipa-getkeytab.c description: Messed a bit with hg commands. To make it short: - Remove the python ipa-getkeytab program - Rename the keytab plugin test program to ipa-getkeytab - Put the program in ipa-client as it should be distributed with the client tools changeset: 555:5e1a068f2e90 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:20:40 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Polish the client program changeset: 554:0a5b19a167cf user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 18:53:49 2007 -0500 files: ipa-server/ipa-install/share/default-aci.ldif ipa-server/ipa-install/share/default-keytypes.ldif ipa-server/ipa-install/share/kdc.conf.template ipa-server/ipa-install/share/kerberos.ldif ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c ipa-server/ipaserver/krbinstance.py description: Support retrieving enctypes from LDAP Filter enctypes Update test program changeset: 553:f75d7886cb91 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 00:17:40 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Fix ber generation and remove redundant keys changeset: 552:0769cafe6dcd user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 19:31:37 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Avoid stupid segfault changeset: 551:1acd5fdb5788 user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 18:39:12 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: If ber_peek_tag() returns LBER_ERROR it may just be that we are at the end of the buffer. Unfortunately ber_scanf is broken in the sense that it doesn't actually really consider sequence endings (due probably to the fact they are just representation and do not reflect in the underlieing DER encoding.) changeset: 550:e974fb2726a4 user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 18:35:07 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: First shot at the new method
* Correct serial number for ds certs.Karl MacMillan2007-12-211-1/+1
|
* Convert replication to use the new cert infrastructure andKarl MacMillan2007-12-207-71/+114
| | | | | | correctly issue certs from the same authority. Also remove support for read-only replicas since that work will not be finished and tested for 1.0.
* Simplify kerberos calling.Karl MacMillan2007-12-191-16/+1
|
* Refactor keytab creationMark McLoughlin2007-12-183-95/+47
| | | | | | | | | There's a few places where we spawn of kadmin to add/modify principals and create keytabs. Refactor all that code into installutils. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-05 00:24:56 +0000