freeipa.git/ipaclient, branch master FreeIPA patches Support certificate login after installation and upgrade 2017-03-14T14:13:43+00:00 Pavel Vomacka pvomacka@redhat.com 2017-03-09T11:14:21+00:00 75c592d3b9081474cae51c929e6af29c7a0eebb6 Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com> 
Add necessary steps which set SSSD and set SELinux boolean during
installation or upgrade. Also create new endpoint in apache for
login using certificates.

https://pagure.io/freeipa/issue/6225

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
csrgen: hide cert-get-requestdata in CLI 2017-03-14T12:26:16+00:00 Jan Cholasta jcholast@redhat.com 2017-03-14T06:25:19+00:00 72de679eb445c975ec70cd265d37d4927823ce5b The CSR generation feature is supposed to be used from cert-request, hide the internal cert-get-requestdata command in the CLI. https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
The CSR generation feature is supposed to be used from cert-request, hide
the internal cert-get-requestdata command in the CLI.

https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
cert: include certificate chain in cert command output 2017-03-14T11:58:45+00:00 Jan Cholasta jcholast@redhat.com 2017-03-10T09:22:42+00:00 8ed891cb619abd2efd428f767edf760ebf5eec5d Include the full certificate chain in the output of cert-request, cert-show and cert-find if --chain or --all is specified. If output file is specified in the CLI together with --chain, the full certificate chain is written to the file. https://pagure.io/freeipa/issue/6547 Reviewed-By: David Kupka <dkupka@redhat.com> 
Include the full certificate chain in the output of cert-request, cert-show
and cert-find if --chain or --all is specified.

If output file is specified in the CLI together with --chain, the full
certificate chain is written to the file.

https://pagure.io/freeipa/issue/6547

Reviewed-By: David Kupka <dkupka@redhat.com>
cert: add output file option to cert-request 2017-03-14T11:58:45+00:00 Jan Cholasta jcholast@redhat.com 2017-03-10T09:19:53+00:00 c60d9c9744b1f8a7b55bcdda65cce8bb36700bf6 The certificate returned by cert-request can now be saved to a file in the CLI using a new --certificate-out option. Deprecate --out in cert-show in favor of --certificate-out. https://pagure.io/freeipa/issue/6547 Reviewed-By: David Kupka <dkupka@redhat.com> 
The certificate returned by cert-request can now be saved to a file in the
CLI using a new --certificate-out option.

Deprecate --out in cert-show in favor of --certificate-out.

https://pagure.io/freeipa/issue/6547

Reviewed-By: David Kupka <dkupka@redhat.com>
vault: cache the transport certificate on client 2017-03-13T15:02:16+00:00 Jan Cholasta jcholast@redhat.com 2017-02-17T10:25:17+00:00 98bb5397c535e5e1a6c5ade9f0fb918be1d282c3 Cache the KRA transport certificate on disk (in ~/.cache/ipa) as well as in memory. https://fedorahosted.org/freeipa/ticket/6652 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> 
Cache the KRA transport certificate on disk (in ~/.cache/ipa) as well as
in memory.

https://fedorahosted.org/freeipa/ticket/6652

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
install: re-introduce option groups 2017-03-13T09:12:40+00:00 Jan Cholasta jcholast@redhat.com 2017-03-08T08:03:13+00:00 2fc9feddd02bb17c3a9eb7efde83277fcf93252c Re-introduce option groups in ipa-client-install, ipa-server-install and ipa-replica-install. https://pagure.io/freeipa/issue/6392 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
Re-introduce option groups in ipa-client-install, ipa-server-install and
ipa-replica-install.

https://pagure.io/freeipa/issue/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
client install: split off SSSD options into a separate class 2017-03-13T09:12:40+00:00 Jan Cholasta jcholast@redhat.com 2017-03-08T08:01:41+00:00 1cfe06c79eb0b98a0f4bd663165156596b59e85f Split off SSSD knob definitions from the ClientInstallInterface class into a new SSSDInstallInterface class. https://pagure.io/freeipa/issue/6392 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
Split off SSSD knob definitions from the ClientInstallInterface class into
a new SSSDInstallInterface class.

https://pagure.io/freeipa/issue/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
certmap: load certificate from file in certmap-match CLI 2017-03-13T08:03:53+00:00 Jan Cholasta jcholast@redhat.com 2017-03-09T06:19:26+00:00 0298ecf441ba38858d7909b8c3b4cc2b4c4e53c4 Load the certificate from a file specified in the first argument. Raw certificate value can be specified using --certificate. https://pagure.io/freeipa/issue/6646 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> 
Load the certificate from a file specified in the first argument. Raw
certificate value can be specified using --certificate.

https://pagure.io/freeipa/issue/6646

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
pylint_plugins: add forbidden import checker 2017-03-10T12:04:59+00:00 Jan Cholasta jcholast@redhat.com 2017-02-14T08:58:44+00:00 5d489ac5604ca959cfe439c0594b8739073f3cea Add new pylint AST checker plugin which implements a check for imports forbidden in IPA. Which imports are forbidden is configurable in pylintrc. Provide default forbidden import configuration and disable the check for existing forbidden imports in our code base. Reviewed-By: Martin Basti <mbasti@redhat.com> 
Add new pylint AST checker plugin which implements a check for imports
forbidden in IPA. Which imports are forbidden is configurable in pylintrc.

Provide default forbidden import configuration and disable the check for
existing forbidden imports in our code base.

Reviewed-By: Martin Basti <mbasti@redhat.com>
Chain CSR generator file loaders 2017-03-08T14:59:26+00:00 Christian Heimes cheimes@redhat.com 2017-03-03T07:35:45+00:00 177f07e163d6d591a1e609d35e0a6f6f5347551e First try custom location, then csrgen subdir in confdir and finally fall back to package data. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Ben Lipton <blipton@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> 
First try custom location, then csrgen subdir in confdir and finally
fall back to package data.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Ben Lipton <blipton@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>