author Fraser Tweedale <ftweedal@redhat.com> 2016-06-01 08:07:33 +1000
committer Jan Cholasta <jcholast@redhat.com> 2016-06-09 09:04:27 +0200
commit b0d9a4728f0dc78e2bbde344beac17ae50b847a9
tree b5cca38aa8795073de92776942be6e6fe63b2479 /install/updates
parent 0d37d230c066f9eb703c81e0e21b1b6738703b41
Setup lightweight CA key retrieval on install/upgrade
Add the ipa-pki-retrieve-key helper program and configure lightweight CA key replication on installation and upgrade. The specific configuration steps are:

- Add the 'dogtag/$HOSTNAME' service principal
- Create the principal's Custodia keys
- Retrieve the principal's keytab
- Configure Dogtag's CS.cfg to use ExternalProcessKeyRetriever to invoke ipa-pki-retrieve-key for key retrieval

Also bump the minimum version of Dogtag to 10.3.2.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'install/updates')
-rw-r--r-- install/updates/73-custodia.update 5
1 files changed, 5 insertions, 0 deletions
diff --git a/install/updates/73-custodia.update b/install/updates/73-custodia.update
index f6520fb2e..60f805ab8 100644
--- a/install/updates/73-custodia.update
+++ b/install/updates/73-custodia.update
@@ -2,3 +2,8 @@ dn: cn=custodia,cn=ipa,cn=etc,$SUFFIX
default: objectClass: top
default: objectClass: nsContainer
default: cn: custodia
+
+dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,$SUFFIX
+default: objectClass: top
+default: objectClass: nsContainer
+default: cn: dogtag
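Review bot: The new `cn=dogtag,cn=custodia,cn=ipa,cn=etc,$SUFFIX` entry is created as a bare nsContainer with no comment saying what is stored under it and no access control visible in this file. The commit message says Custodia keys are created for the 'dogtag/$HOSTNAME' principal, so a one-line comment above the `dn:` line stating that this subtree holds those keys would make the update file self-explanatory. Since this view is limited to install/updates, please also confirm that the rest of the patch (or an existing ACI on the parent `cn=custodia` container) restricts who may add or modify entries below `cn=dogtag`, because the container on its own inherits whatever the parent allows.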