summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Ignore GSS exception when iterating through server list. Fixes: 459864Martin Nagy2008-09-111-0/+2
|
* Try servers from ipa.conf even if we specified them on the command line.Martin Nagy2008-09-111-3/+2
|
* More strict input checks in ipa-pwpolicy and return non-zero when ↵Martin Nagy2008-09-111-7/+7
| | | | unsuccessful. Fixes: 461213, 461325, 461332, 461543
* Rework config.py and change cli tools. Maintain order of IPA servers from ↵Martin Nagy2008-09-1132-442/+376
| | | | command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234
* Add script to simplify operations to fix CVE 2008 3274Simo Sorce2008-09-103-0/+521
| | | | | Import all of change master key directly into the help fix, allows for better control
* CVE 2008 3274 related fixesSimo Sorce2008-09-102-3/+9
|
* Add a tool to change the kerberos Master Key in case an admin wants to.Simo Sorce2008-09-102-0/+382
| | | | | | This tool will dump and re-encrypt all keys, then reload and change the master key in LDAP and in the stash file. It will also restart the Directory Server and the the KDC
* Retrieve the kerberos configuration every time a new, it will be a bit slowerSimo Sorce2008-09-101-252/+234
| | | | | but will allow for changing configurations without having to restart DS. Password operations are slow and rare enough this is an acceptable compromise.
* Display name as separate attributes instead of showing common name.Rob Crittenden2008-08-222-2/+17
| | | | | | | We allow one to individually set first and last name but we do not automatically update the common name so changes don't seem to happen. 451318
* Add options to display a subset of delegations and return 2 if none are found.Rob Crittenden2008-08-221-16/+31
| | | | 452027
* Add 2 features to ipa-getkeytab:Simo Sorce2008-08-211-195/+443
| | | | | 1. Allow to specify the salt type along with the enctype 2. Allow to specify a password instead of forcing a random secret
* Minor bugs found while testing stuff.Simo Sorce2008-08-212-1/+2
| | | | | | - wrong import in certs.py makes ipa-replica-manage fail - close the fs after the stash file is written so that the file is updated immediately and not when the fd is garbage collected
* Limit the mod_rewrite rules to just /ipaRob Crittenden2008-08-211-4/+4
| | | | 459209
* Add tool to manage IPA Search and User policyRob Crittenden2008-08-205-2/+255
| | | | 448624, 448625
* Fix segfault cause by empty target entrySimo Sorce2008-08-191-3/+22
|
* Create temporary files used in self-signed cert requests in a temporary ↵Rob Crittenden2008-08-151-2/+8
| | | | | | directory and ensure that it gets cleaned up when we're done with it. 458159
* Comment out code that generates keys with a random salt, apparently this ↵Simo Sorce2008-08-151-0/+4
| | | | does not work as expected and generates faulty keys
* Delete old mercurial files.Martin Nagy2008-08-153-71/+0
|
* When installing with an IPA-created CA generate the Firefox ↵Rob Crittenden2008-08-141-2/+2
| | | | | | autoconfiguration files. 458871
* Make Proxy directive wildcard match more specific so we can play nicer with ↵Rob Crittenden2008-08-141-3/+3
| | | | | | other apps. 459061
* Fix some copy/paste and other syntax errors from the validators commit.Rob Crittenden2008-08-142-5/+4
| | | | 450613, 457124
* Fix usage of mozldap libraries,Simo Sorce2008-08-132-2/+2
| | | | thanks to W. Michael Petullo <mike@flyn.org> for finding the problem.
* Remove unused stuff.Simo Sorce2008-08-131-2/+1
|
* apparently the "configure" target is never usedSimo Sorce2008-08-131-4/+0
|
* Install the ca.crt file early on so that we can always enforce SSLSimo Sorce2008-08-133-22/+27
| | | | | protected connections to other LDAP servers Fix error reporting on replica creation.
* Implement password operation checks and key material generation for theSimo Sorce2008-08-121-93/+1018
| | | | | | | | | | | ldap add and modify operation performed on the userPassword attribute. Add helper functions to reduce code duplication. Do not enforce encrypted connections on ldap add/ldap mod for compatibility reasons. (We cannot enforce people not to send the password in the clear anyway, we can only refuse to accept it at the most which does not gain you much if someone then re-send you the same password previously exposed)
* Fix versioning for configure.ac and ipa-python/setup.pySimo Sorce2008-08-1121-45/+78
| | | | | | | | | | Fix make maintainer-clean Also make RPM naming consistent by using a temp RELEASE file. This one helps when testing builds using rpms. Just 'echo X > RELEASE' to build a new rpms (X, X+1, X+2 ...) Version 1.1.0 was released some times ago, bump up to 1.1.1
* Used the encrypt_file and decrypt_file utility functions to encrypt replicaSimo Sorce2008-08-112-22/+60
| | | | | | information. This way we do not risk to leave around sensitive data. Set the destination host in the replica file too and do checks against in ipa-replica-install
* Add encrypt_file and decrypt_file utility functions.Simo Sorce2008-08-112-2/+65
| | | | | | | | | | | | | | We will use them to encrypt the replica file so that we can transport it over more safely. It contains sensitive data, by encrypting it we assure that even if a distracted admin leaves it around it cannot be accessed without knowing the access passphrase (usually the Directory Manager password) Along the way fix also ipautil.run which was buggy and not passing in correctly stdin. Add dependency for gnupg in spec file
* Use larger set from which to choose chars for random passwords.Simo Sorce2008-08-112-5/+3
| | | | | Use SystemRandom() instead of Random() so that the randomicity is non-deterministic.
* Treat Jan 1 1970 in krbPrincipalExpiration as a special date that meansSimo Sorce2008-08-071-4/+5
| | | | the account Never Expires
* Change user and group validators to match shadow-utilsRob Crittenden2008-08-0712-79/+171
| | | | | | | | This sets the regex to [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? Also change the validators to return True/False 450613, 457124
* Fix few syntax errors.Martin Nagy2008-08-062-3/+3
|
* Fix python syntax error: missing colon.Rob Crittenden2008-08-061-1/+1
|
* Use % format string to fix nbsp problem in userlist.kid (fixes #453779)Jason Gerard DeRose2008-07-301-7/+9
|
* Shift search base for users and groups to "cn=accounts, baseDN"Rob Crittenden2008-07-291-16/+18
| | | | 450552
* Fix encoding issue when manually loading templates for formsRob Crittenden2008-07-296-7/+40
| | | | | | | | | | | | | | | We used to manually load the template files for the edit pages using turbogears.meta.load_kid_template(). Unfortunately this went through the one code path where encoding was completely ignored. It ended up defaulting to sys.getdefaultencoding() which is 'ascii'. So even though most of the templates are loaded as 'utf-8' the few that really mattered weren't. The fix is to call kid.load_template() ourselves and set the encoding of the class we just loaded to either the setting in the app.cfg file or to the normal default value of 'utf-8'. 454076
* Change Title label to Job Title for clarityRob Crittenden2008-07-295-30/+38
| | | | 453780
* NSS 3.12 added a header to the certutil output we need to skipRob Crittenden2008-07-281-0/+3
| | | | 456694
* Don't assume that the Firefox autoconfig files exist.Rob Crittenden2008-07-282-11/+14
| | | | | | | These are created by an object-signing cert and needs to be done after the fact if a server is created with user-supplied PKCS#12 files. 452402
* Specify --mandir to configure to fix building on CentOS 5.2Rob Crittenden2008-07-281-1/+1
| | | | 456672
* Move the self-signed CA serialno file to /var/lib/ipa to adhere to the FHSRob Crittenden2008-07-253-8/+16
| | | | 455064
* Fix a stupidty introduced recently in a fix to a segfault.Simo Sorce2008-07-241-3/+5
|
* Catch correct exception when trying to find the default IPA users group and ↵Rob Crittenden2008-07-231-2/+2
| | | | | | return a more detailed error message. 455092
* Wrap up the raw_input() to user_input() for convenience and uniformity.Martin Nagy2008-07-239-189/+118
|
* Cleaned up comments that were mangled by vimNathan Kinder2008-07-181-7/+7
|
* Re-base memberOf plug-in off of current FDS memberOf plug-in. Resolves: ↵Nathan Kinder2008-07-184-643/+1189
| | | | 452537, 453011, 443241, 439628
* In openvz we found out some interfaces may return a null pointer here.Simo Sorce2008-07-151-0/+4
| | | | | Skip them if no address is provided or we later get a segfault because we dereference a null pointer.
* fix typoSimo Sorce2008-07-151-1/+1
|
* Rework the way SSL certificates are imported from PKCS#12 files.Rob Crittenden2008-07-1411-77/+276
| | | | | | | | Add the ability to provide PKCS#12 files during initial installation Add the ability to provide PKCS#12 files when preparing a replica Correct some issues with ipa-server-certinstall 452402
generated by cgit (git 2.34.1) at 2025-09-03 20:58:56 +0000