author | Fraser Tweedale <ftweedal@redhat.com> | 2016-04-19 11:47:29 +1000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-06-09 09:04:27 +0200 |
commit | 4660bb7ff0197649c8777151a3a2a5378929e842 (patch) | |
tree | d93c2194fdb1493658cbc4b6b40f286ae053568a /ipaplatform | |
parent | 903a90fb4e7dc7eaddc1cc4f11083dad5c16db9b (diff) | |
Add custodia store for lightweight CA key replication

Due to limitations in Dogtag's use of NSSDB, importing private keys
must be done by the Dogtag Java process itself. This requires a
PKIArchiveOptions format (signing key wrapped with host CA key) -
PKCS #12 cannot be used because that would require decrypting the
key in Dogtag's memory, albeit temporarily.

Add a new custodia store that executes a 'pki' command to acquire
the wrapped key.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaplatform')
-rw-r--r-- | ipaplatform/base/paths.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 336839b71..dddefea0b 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -215,6 +215,7 @@ class BasePathNamespace(object): NTPD = "/usr/sbin/ntpd" PKIDESTROY = "/usr/sbin/pkidestroy" PKISPAWN = "/usr/sbin/pkispawn" + PKI = "/usr/bin/pki" REMOVE_DS_PL = "/usr/sbin/remove-ds.pl" RESTORECON = "/usr/sbin/restorecon" SELINUXENABLED = "/usr/sbin/selinuxenabled" |
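Review bot: The new `PKI = "/usr/bin/pki"` entry in `BasePathNamespace` is placed after `PKISPAWN`, although by name it sorts before `PKIDESTROY`, and it is the only entry in the visible context that lives under /usr/bin rather than /usr/sbin. Moving it to wherever the file keeps its other /usr/bin entries, or at least ahead of `PKIDESTROY`, would keep the list easy to scan. Since the commit message says this binary is executed to acquire the wrapped signing key, a short comment on the constant naming that purpose would help. The caller is outside this ipaplatform-limited diff; it should be checked that it runs `paths.PKI` with an argument list rather than through a shell, and that any platform namespace overriding `BasePathNamespace` does not need a different location.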