summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add support for the 'no_create', 'no_update', and 'no_search' Param flagsJason Gerard DeRose2010-02-052-6/+114
|
* Set default log level in the *-manage utilities to ERROR and not NOTSETRob Crittenden2010-02-042-2/+2
|
* - pull in updated schema which adds the krbCanonicalName attributeNalin Dahyabhai2010-02-041-1/+15
|
* Fix condition bug in ipa-pwd-extop plugin. Variable used uninitialized.Pavel Zuna2010-02-041-7/+10
|
* Configure sssd and certmonger in ipa-client-installRob Crittenden2010-02-032-8/+99
| | | | | | | | | | | This does a number of things under the hood: - Use authconfig to enable sssd in nss and pam - Configure /etc/sssd/sssd.conf to use our IPA provider - Enable the certmonger process and request a server cert - join the IPA domain and retrieve a principal. The clinet machine *must* exist in IPA to be able to do a join. - And then undo all this on uninstall
* Fix sample IPA command example at end of installationRob Crittenden2010-02-031-1/+1
| | | | Resolves #531455
* fix error message to be i18n translator friendlyJohn Dennis2010-02-031-1/+2
| | | | | | | | This error message was producing a warning from xgettext because there were multiple substations in the string. In some languages it may be necessary to reorder the substitutions for a proper translation, this is only possible if the substitutions use named values.
* Bring ipa-server-install man page up-to-date, fix some syntax errorsRob Crittenden2010-02-031-20/+30
| | | | | | | | | | | Remove a bunch of trailing spaces Add the --ca option Add the --no-host-dns option Add the --subject option Fix the one-character option for --no-ntp, should be -N not -n Add missing line break between --no-ntp and --uninstall Resolves #545260
* Add permissions for named to communicate over ldapiRob Crittenden2010-02-031-1/+4
|
* Implement pwplicy_find to show all group password policiesRob Crittenden2010-02-031-0/+32
| | | | | find is a bit of a misnomer here because we consider no search terms, it is all or nothing.
* Add flag to allow a cert to be re-issuedRob Crittenden2010-02-031-3/+7
| | | | | I don't want a user to accidentally re-issue a certificate so I've added a new flag, --revoke, to revoke the old cert and load the new one.
* Only change the log level if it isn't already setRob Crittenden2010-02-031-4/+5
| | | | | | This primarily affects the installer. We want to log to the install/ uninstall file in DEBUG. This was getting reset to INFO causing lots of details to not show in the logs.
* Be more careful when base64-decoding certificatesRob Crittenden2010-02-024-16/+9
| | | | | Only decode certs that have a BEGIN/END block, otherwise assume it is in DER format.
* Base64-encode binary values on the command-lineRob Crittenden2010-02-021-3/+17
|
* Remove group-specific password policy on group deletionRob Crittenden2010-01-291-0/+8
|
* Remove some configuration files we create upon un-installationRob Crittenden2010-01-282-1/+12
| | | | | This is particularly important for Apache since we'd leave the web server handling unconfigured locations.
* Remove (un)wrap_binary_data cruft from */ipautil.pyJohn Dennis2010-01-282-124/+0
| | | | | | | | Remove SAFE_STRING_PATTERN, safe_string_re, needs_base64(), wrap_binary_data(), unwrap_binary_data() from both instances of ipautil.py. This code is no longer in use and the SAFE_STRING_PATTERN regular expression string was causing xgettext to abort because it wasn't a valid ASCII string.
* Remove __public__ and __proxy__ hold-overs from Plugin classJason Gerard DeRose2010-01-286-227/+1
|
* Update dogtag configuration to work after CVE-2009-3555 changesRob Crittenden2010-01-273-6/+18
| | | | | | | | NSS is going to disallow all SSL renegotiation by default. Because of this we need to always use the agent port of the dogtag server which always requires SSL client authentication. The end user port will prompt for a certificate if required but will attempt to re-do the handshake to make this happen which will fail with newer versions of NSS.
* Fix schema loading in the ldap backend.Pavel Zuna2010-01-271-1/+4
|
* Update spec to require python-wehjit >= 0.2.0Jason Gerard DeRose2010-01-271-1/+4
|
* Require that the hostname we are joining as is fully-qualifiedRob Crittenden2010-01-261-0/+6
|
* Remove duplicated codeRob Crittenden2010-01-261-6/+0
| | | | This strange bit of duplication was not surprisingly causing a double-free
* Enabled CRUDS in webUI using wehjit 0.2.0Jason Gerard DeRose2010-01-266-199/+239
|
* Fixed xmlrpc_test.fuzzy_digits for Fedora12Jason Gerard DeRose2010-01-222-2/+2
|
* Set BIND to use ldapi and use fake mnameMartin Nagy2010-01-212-1/+4
| | | | | | The fake_mname for now doesn't exists but is a feature that will be added in the near future. Since any unknown arguments to bind-dyndb-ldap are ignored, we are safe to use it now.
* Move some functions from ipa-server-install into installutilsMartin Nagy2010-01-212-54/+54
| | | | | We will need these functions in the new upcoming ipa-dns-install command.
* Allow a custom file mode when setting up debuggingMartin Nagy2010-01-211-2/+2
| | | | | | This will be handy in the future if we will want to install or uninstall only single IPA components and want to append to the installation logs. This will be used by the upcoming ipa-dns-install script.
* Only add an NTP SRV record if we really are setting up NTPMartin Nagy2010-01-214-8/+16
| | | | | | | The sample bind zone file that is generated if we don't use --setup-dns is also changed. Fixes #500238
* Use the dns plug-in for addition of records during installationMartin Nagy2010-01-214-146/+82
| | | | Fixes #528943
* Move api finalization in ipa-server-install after writing default.confMartin Nagy2010-01-211-23/+22
| | | | | We will need to have ipalib correctly configured before we start installing DNS entries with api.Command.dns.
* Fix merge issue, cut-and-paste errorRob Crittenden2010-01-211-2/+1
|
* Fix merge error, variable mis-named label instead of docRob Crittenden2010-01-211-1/+1
|
* User-defined certificate subjectsRob Crittenden2010-01-2011-46/+164
| | | | | | | | | | | | | | | Let the user, upon installation, set the certificate subject base for the dogtag CA. Certificate requests will automatically be given this subject base, regardless of what is in the CSR. The selfsign plugin does not currently support this dynamic name re-assignment and will reject any incoming requests that don't conform to the subject base. The certificate subject base is stored in cn=ipaconfig but it does NOT dynamically update the configuration, for dogtag at least. The file /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg would need to be updated and pki-cad restarted.
* Stop looking when removing entries from a keytab.Rob Crittenden2010-01-201-0/+5
| | | | keytab entries are locked when looping. Temporarily suspend the looping.
* Fix plugin to work with new output validation, add new helpersRob Crittenden2010-01-201-34/+57
| | | | | | | | Add a new get_subject() helper and return the subject when retrieving certificates. Add a normalizer so that everything before and after the BEGIN/END block is removed.
* Add DS migration plugin and password migration page.Pavel Zuna2010-01-2011-0/+637
|
* Add --enable-migration option in config plugin.Pavel Zuna2010-01-201-1/+14
|
* Add BIND pre-op for DS->IPA password migration to ipa-pwd-extop DS plugin.Pavel Zuna2010-01-203-15/+244
|
* Allow adding entries with pre-hashed passwords, but don't generate keys for ↵root2010-01-201-8/+15
| | | | | | them. Fix bug #528922.
* Temporary fix for name collision of textui.print_entry.Pavel Zuna2010-01-202-3/+3
| | | | Somehow there's two of them... rename old one to print_entry1.
* Make DNS plugin support output validation and thus make it work again.Pavel Zuna2010-01-201-39/+86
|
* Create pkiuser before calling pkicreate, pkicreate depends on the user existingJohn Dennis2010-01-201-1/+1
|
* Correct some comment errorsRob Crittenden2010-01-191-2/+1
|
* pass DER flag to x509.get_serial_number()John Dennis2010-01-191-1/+1
|
* Allow cospriority to be updated and fix description of priority orderingRob Crittenden2010-01-192-16/+40
| | | | | | Need to add a few more places where the DN will not be automatically normalized. The krb5 server expects a very specific format and normalizing causes it to not work.
* Use 'l' instead of 'localityname' in host plugin.Pavel Zuna2010-01-141-2/+14
| | | | | It seems that 'localityname' and 'locality' aliases were dropped in newer versions of DS.
* Make host objects aware of their membership and that l==localityName.Pavel Zuna2010-01-141-0/+6
|
* Add default values for krb ticket policy attributes during installation.Pavel Zuna2010-01-132-0/+8
|
* Add Kerberos Ticket Policy management plugin.Pavel Zuna2010-01-132-27/+167
|
generated by cgit (git 2.34.1) at 2025-09-07 20:31:22 +0000