diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2015-05-25 08:39:07 -0400 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-06-11 10:50:31 +0000 |
| commit | bc0c60688505968daf6851e3e179aab20e23af7d (patch) | |
| tree | ea8cb740dfcd50ab46d73a350686502d80a902ec /ipalib/constants.py | |
| parent | ae56ca422d1897569717fa44a5d483b10e490f6a (diff) | |
| download | freeipa-bc0c60688505968daf6851e3e179aab20e23af7d.tar.gz freeipa-bc0c60688505968daf6851e3e179aab20e23af7d.tar.xz freeipa-bc0c60688505968daf6851e3e179aab20e23af7d.zip | |
Add CA ACL plugin
Implement the caacl commands, which are used to indicate which
principals may be issued certificates from which (sub-)CAs, using
which profiles.
At this commit, and until sub-CAs are implemented, all rules refer
to the top-level CA (represented as ".") and no ca-ref argument is
exposed.
Also, during install and upgrade add a default CA ACL that permits
certificate issuance for all hosts and services using the profile
'caIPAserviceCert' on the top-level CA.
Part of: https://fedorahosted.org/freeipa/ticket/57
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipalib/constants.py')
| -rw-r--r-- | ipalib/constants.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ipalib/constants.py b/ipalib/constants.py index 0ffdcbfc7..330f9df74 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -120,6 +120,7 @@ DEFAULT_CONFIG = ( ('container_masters', DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'))), ('container_certprofile', DN(('cn', 'certprofiles'), ('cn', 'ca'))), ('container_topology', DN(('cn', 'topology'), ('cn', 'ipa'), ('cn', 'etc'))), + ('container_caacl', DN(('cn', 'caacls'), ('cn', 'ca'))), # Ports, hosts, and URIs: ('xmlrpc_uri', 'http://localhost:8888/ipa/xml'), |