author | Fraser Tweedale <ftweedal@redhat.com> | 2016-06-01 08:07:33 +1000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-06-09 09:04:27 +0200 |
commit | b0d9a4728f0dc78e2bbde344beac17ae50b847a9 (patch) | |
tree | b5cca38aa8795073de92776942be6e6fe63b2479 /ipalib | |
parent | 0d37d230c066f9eb703c81e0e21b1b6738703b41 (diff) | |
Setup lightweight CA key retrieval on install/upgrade

Add the ipa-pki-retrieve-key helper program and configure
lightweight CA key replication on installation and upgrade. The
specific configuration steps are:

- Add the 'dogtag/$HOSTNAME' service principal
- Create the principal's Custodia keys
- Retrieve the principal's keytab
- Configure Dogtag's CS.cfg to use ExternalProcessKeyRetriever
  to invoke ipa-pki-retrieve-key for key retrieval

Also bump the minimum version of Dogtag to 10.3.2.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/constants.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ipalib/constants.py b/ipalib/constants.py index a2cbfdbcd..97dff1d80 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -264,3 +264,4 @@ REPL_AGMT_STRIP_ATTRS = ('modifiersName', DOMAIN_SUFFIX_NAME = 'domain' CA_SUFFIX_NAME = 'ca' +PKI_GSSAPI_SERVICE_NAME = 'dogtag' |
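
Review bot: The added PKI_GSSAPI_SERVICE_NAME = 'dogtag' line at the end of ipalib/constants.py carries no comment, so nothing in the file says what the value is tied to. Going by the commit message it is the service component of the 'dogtag/$HOSTNAME' principal for which the install/upgrade steps create Custodia keys and retrieve a keytab; a one-line comment stating that would make clear the string is part of a Kerberos principal name and not a free-form label. Since this view is limited to ipalib, please also confirm that the installer, the upgrade code and ipa-pki-retrieve-key all reference this constant instead of repeating the literal 'dogtag', so the principal name is defined in exactly one place.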