author | Fraser Tweedale <ftweedal@redhat.com> | 2016-06-01 08:07:33 +1000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-06-09 09:04:27 +0200 |
commit | b0d9a4728f0dc78e2bbde344beac17ae50b847a9 (patch) | |
tree | b5cca38aa8795073de92776942be6e6fe63b2479 /freeipa.spec.in | |
parent | 0d37d230c066f9eb703c81e0e21b1b6738703b41 (diff) | |
Setup lightweight CA key retrieval on install/upgrade

Add the ipa-pki-retrieve-key helper program and configure
lightweight CA key replication on installation and upgrade. The
specific configuration steps are:

- Add the 'dogtag/$HOSTNAME' service principal
- Create the principal's Custodia keys
- Retrieve the principal's keytab
- Configure Dogtag's CS.cfg to use ExternalProcessKeyRetriever
  to invoke ipa-pki-retrieve-key for key retrieval

Also bump the minimum version of Dogtag to 10.3.2.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'freeipa.spec.in')
-rw-r--r-- | freeipa.spec.in | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index d5d78f806..8eb3bd5fc 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -94,7 +94,7 @@ BuildRequires: libunistring-devel BuildRequires: python-lesscpy BuildRequires: python-yubico >= 1.2.3 BuildRequires: openssl-devel -BuildRequires: pki-base >= 10.2.6 +BuildRequires: pki-base >= 10.3.2 BuildRequires: python-pytest-multihost >= 0.5 BuildRequires: python-pytest-sourceorder BuildRequires: python-kdcproxy >= 0.3 @@ -155,8 +155,8 @@ Requires(post): systemd-units Requires: selinux-policy >= %{selinux_policy_version} Requires(post): selinux-policy-base >= %{selinux_policy_version} Requires: slapi-nis >= 0.55-1 -Requires: pki-ca >= 10.2.6-19 -Requires: pki-kra >= 10.2.6-19 +Requires: pki-ca >= 10.3.2 +Requires: pki-kra >= 10.3.2 Requires(preun): python systemd-units Requires(postun): python systemd-units Requires: zip @@ -1074,6 +1074,7 @@ fi %{_libexecdir}/ipa/ipa-dnskeysync-replica %{_libexecdir}/ipa/ipa-ods-exporter %{_libexecdir}/ipa/ipa-httpd-kdcproxy +%{_libexecdir}/ipa/ipa-pki-retrieve-key %dir %{_libexecdir}/ipa/oddjob %attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.conncheck %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freeipa.server.conf |
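Review bot: The BuildRequires bump on pki-base in the first hunk (@@ -94,7) has no stated build-time reason; the commit message describes only install-time and runtime configuration (the service principal, Custodia keys, keytab and CS.cfg). If nothing in the build needs 10.3.2, note in the commit message that the build dependency is raised only to stay in step with the runtime Requires, or leave it at its previous floor.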
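Review bot: In the second hunk (@@ -155,8) the new constraints `pki-ca >= 10.3.2` and `pki-kra >= 10.3.2` drop the release component that the old `>= 10.2.6-19` carried, so any 10.3.2 build satisfies them. If the ExternalProcessKeyRetriever support the commit message relies on is only present from a particular package release, pin that release; otherwise a short spec comment naming the feature that needs 10.3.2 would keep the floor from being lowered by mistake later.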
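Review bot: The new %files entry for ipa-pki-retrieve-key in the third hunk (@@ -1074,6) carries no explicit %attr, while the oddjob helper two lines below it is listed with %attr(0755,root,root). Since Dogtag invokes this helper to retrieve CA keys, consider `%attr(0755,root,root) %{_libexecdir}/ipa/ipa-pki-retrieve-key` so that ownership and mode are fixed by the package rather than by the install step, which is outside this diff.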