Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Stop looking when removing entries from a keytab. | Rob Crittenden | 2010-01-20 | 1 | -0/+5 |
| | | | | keytab entries are locked when looping. Temporarily suspend the looping. | ||||
* | Fix plugin to work with new output validation, add new helpers | Rob Crittenden | 2010-01-20 | 1 | -34/+57 |
| | | | | | | | | Add a new get_subject() helper and return the subject when retrieving certificates. Add a normalizer so that everything before and after the BEGIN/END block is removed. | ||||
* | Add DS migration plugin and password migration page. | Pavel Zuna | 2010-01-20 | 11 | -0/+637 |
| | |||||
* | Add --enable-migration option in config plugin. | Pavel Zuna | 2010-01-20 | 1 | -1/+14 |
| | |||||
* | Add BIND pre-op for DS->IPA password migration to ipa-pwd-extop DS plugin. | Pavel Zuna | 2010-01-20 | 3 | -15/+244 |
| | |||||
* | Allow adding entries with pre-hashed passwords, but don't generate keys for ↵ | root | 2010-01-20 | 1 | -8/+15 |
| | | | | | | them. Fix bug #528922. | ||||
* | Temporary fix for name collision of textui.print_entry. | Pavel Zuna | 2010-01-20 | 2 | -3/+3 |
| | | | | Somehow there's two of them... rename old one to print_entry1. | ||||
* | Make DNS plugin support output validation and thus make it work again. | Pavel Zuna | 2010-01-20 | 1 | -39/+86 |
| | |||||
* | Create pkiuser before calling pkicreate, pkicreate depends on the user existing | John Dennis | 2010-01-20 | 1 | -1/+1 |
| | |||||
* | Correct some comment errors | Rob Crittenden | 2010-01-19 | 1 | -2/+1 |
| | |||||
* | pass DER flag to x509.get_serial_number() | John Dennis | 2010-01-19 | 1 | -1/+1 |
| | |||||
* | Allow cospriority to be updated and fix description of priority ordering | Rob Crittenden | 2010-01-19 | 2 | -16/+40 |
| | | | | | | Need to add a few more places where the DN will not be automatically normalized. The krb5 server expects a very specific format and normalizing causes it to not work. | ||||
* | Use 'l' instead of 'localityname' in host plugin. | Pavel Zuna | 2010-01-14 | 1 | -2/+14 |
| | | | | | It seems that 'localityname' and 'locality' aliases were dropped in newer versions of DS. | ||||
* | Make host objects aware of their membership and that l==localityName. | Pavel Zuna | 2010-01-14 | 1 | -0/+6 |
| | |||||
* | Add default values for krb ticket policy attributes during installation. | Pavel Zuna | 2010-01-13 | 2 | -0/+8 |
| | |||||
* | Add Kerberos Ticket Policy management plugin. | Pavel Zuna | 2010-01-13 | 2 | -27/+167 |
| | |||||
* | Fix backend.Executioner unit test. | Pavel Zuna | 2010-01-13 | 1 | -6/+13 |
| | | | | | | | | | | Before the patch that allows to create unshared instances of Connectible objects, all Connection object were deleted at once in destroy_context(). It made sense at the time, because there was always at most one Connection per Connectible subclass and Connectible.disconnect() was called only internally by the Executioner class. Now that we can make arbitrary connections, it makes more sense to delete the Connection object when Connectible.disconnect() is called. | ||||
* | Improve modlist generation in ldap2. Some code cleanup as bonus. | Pavel Zuna | 2010-01-11 | 1 | -65/+89 |
| | | | | | | | | ldap2._generate_modlist now uses more sophisticated means to decide when to use MOD_ADD+MOD_DELETE instead of MOD_REPLACE. MOD_REPLACE is always used for single value attributes and never for multi value. | ||||
* | Allow creation of new connections by unshared instances of backend.Connectible. | Pavel Zuna | 2010-01-11 | 2 | -14/+22 |
| | |||||
* | Add start/stop for the CA | Rob Crittenden | 2010-01-11 | 1 | -0/+8 |
| | |||||
* | Missed explicit reference to pki-ca, replace with self.service_name | Rob Crittenden | 2010-01-11 | 1 | -2/+2 |
| | |||||
* | Add --all to LDAPCreate and make LDAP commands always display default ↵ | Pavel Zuna | 2010-01-11 | 7 | -14/+30 |
| | | | | attributes. | ||||
* | Use the caIPAserviceCert profile for issuing service certs. | Rob Crittenden | 2010-01-08 | 2 | -3/+3 |
| | | | | | | | | | | | This profile enables subject validation and ensures that the subject that the CA issues is uniform. The client can only request a specific CN, the rest of the subject is fixed. This is the first step of allowing the subject to be set at installation time. Also fix 2 more issues related to the return results migration. | ||||
* | Replace uses of %define with %global in the .spec file | Rob Crittenden | 2010-01-07 | 1 | -7/+7 |
| | | | | | | | Fixes rawhide builds per https://www.redhat.com/archives/fedora-devel-list/2010-January/msg00093.html Contributed by Nalin Dahyabhai | ||||
* | Change the service name to reflect changes in pki-ca (now pki-cad). | Rob Crittenden | 2010-01-07 | 1 | -3/+3 |
| | | | | | | Also properly use the instance name where appropriate. There were a couple of places where the service name was used and this worked because they were the same. | ||||
* | Remove hardcoded domain, example.com | Rob Crittenden | 2009-12-18 | 2 | -6/+6 |
| | |||||
* | Add messages, declarative tests for rolegroup, taskgroup plugins | Jason Gerard DeRose | 2009-12-18 | 5 | -273/+856 |
| | |||||
* | Added Fuzzy docstrings; make-test now runs doctests in tests/*; fixed ↵ | Jason Gerard DeRose | 2009-12-18 | 7 | -32/+106 |
| | | | | 'existant' mispelling | ||||
* | Need to supsend looping through the keytab entries when doing a delete. | Rob Crittenden | 2009-12-18 | 1 | -0/+5 |
| | |||||
* | Handle base64-encoded certificates better, import missing function | Rob Crittenden | 2009-12-18 | 3 | -0/+11 |
| | |||||
* | Fuzzy feelings | Jason Gerard DeRose | 2009-12-17 | 8 | -395/+653 |
| | |||||
* | Make hosts more like real services so we can issue certs for host principals | Rob Crittenden | 2009-12-16 | 5 | -17/+71 |
| | | | | | This patch should make joining a client to the domain and using certmonger to get an initial certificate work. | ||||
* | Set the context of files needed by the selfsign CA so Apache can write them | Rob Crittenden | 2009-12-16 | 2 | -1/+6 |
| | |||||
* | Remove some left-over debugging statements | Rob Crittenden | 2009-12-16 | 1 | -3/+0 |
| | |||||
* | host and hostgroup summary messages, declarative tests; fix tests for 'dn' | Jason Gerard DeRose | 2009-12-16 | 6 | -224/+499 |
| | |||||
* | Add simple tests for the aci plugin | Rob Crittenden | 2009-12-14 | 1 | -0/+77 |
| | |||||
* | Add some missing labels | Rob Crittenden | 2009-12-14 | 2 | -0/+5 |
| | |||||
* | Convert to using new result output handling | Rob Crittenden | 2009-12-14 | 2 | -27/+85 |
| | | | | | This also inserts the dn into the response when adding a record. We need this in the ACI plugin when adding a taskgroup | ||||
* | Make the IPA server host and its services "real" IPA entries | Rob Crittenden | 2009-12-11 | 11 | -24/+146 |
| | | | | | | | | | | | We use kadmin.local to bootstrap the creation of the kerberos principals for the IPA server machine: host, HTTP and ldap. This works fine and has the side-effect of protecting the services from modification by an admin (which would likely break the server). Unfortunately this also means that the services can't be managed by useful utilities such as certmonger. So we have to create them as "real" services instead. | ||||
* | Add pdb options to make-test to pass onto nosetests | Rob Crittenden | 2009-12-11 | 1 | -0/+14 |
| | |||||
* | This plugin was replaced by the aci plugin | Rob Crittenden | 2009-12-11 | 1 | -93/+0 |
| | |||||
* | Add force option to ipa-replica-manage to allow forcing deletion of a replica | Rob Crittenden | 2009-12-11 | 1 | -5/+13 |
| | | | | | | If a replica is not up for some reason (e.g. you've already deleted it) this used to quit and not let you delete the replica, generating errors in the DS logs. This will let you force a deletion. | ||||
* | Take 2: Extensible return values and validation; steps toward a single ↵ | Jason Gerard DeRose | 2009-12-10 | 44 | -1035/+2962 |
| | | | | output_for_cli(); enable more webUI stuff | ||||
* | Pass on debug option from ipa-client-install to ipa-join | Rob Crittenden | 2009-12-09 | 1 | -0/+2 |
| | |||||
* | rebase dogtag clean-up patch | John Dennis | 2009-12-09 | 6 | -292/+1742 |
| | |||||
* | A utility for removing principals from a keytab. | Rob Crittenden | 2009-12-04 | 5 | -0/+324 |
| | | | | | | | | | | | | When we un-enroll a client we'll do a bit of cleanup including removing any principals for the IPA realm from /etc/krb5.keytab. This removes principals in 2 ways: - By principal, only entries matching the full principal are removed - By realm. Any principal for that realm is removed This does not change the KDC at all, just removes entries from a file on the client machine. | ||||
* | Bump the installation version number to V2.0 | Rob Crittenden | 2009-12-03 | 1 | -1/+1 |
| | |||||
* | Add minimal test for the cert plugin | Rob Crittenden | 2009-12-03 | 1 | -0/+104 |
| | | | | | | | This assumes that the developer has the equivalent of a selfsign CA installed. To do this, install IPA without a CA and copy /etc/httpd/alias/*.db to ~/.ipa/alias and /etc/httpd/alias/pwdfile.txt to ~/.ipa/alias/.pwd | ||||
* | Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1 Any type | Rob Crittenden | 2009-12-02 | 1 | -1/+5 |
| | |||||
* | Add idnsUpdatePolicy into the dns plug-in | Martin Nagy | 2009-12-02 | 1 | -1/+5 |
| | | | | | | The idnsUpdatePolicy takes a list of BIND dynamic update policies, each of which must be terminated by ";". Also fix a minor error in the documentation string. |