summaryrefslogtreecommitdiffstats
path: root/ipa-server/ipa-install
Commit message (Collapse)AuthorAgeFilesLines
...
* Add some error handling for LDAP connection issuesRob Crittenden2008-02-191-3/+23
| | | | | | Verify the DM password earlier in the process 433368
* Verify current domain with user during installationRob Crittenden2008-02-153-15/+66
| | | | | | Use that domain when creating replicas Resolves 432066
* Display the path to the PKCS#12 password file at the end of installationRob Crittenden2008-02-191-0/+1
|
* Don't create a backup of the PKCS#12 cert on replicasRob Crittenden2008-02-141-2/+2
| | | | | | Name the file created by ipa-replica-prepare after the FQDN of the target Resolves 432904
* Gracefully handle sys.exit() in python 2.4Rob Crittenden2008-02-111-0/+2
|
* Missed a place to translate the realm name into an instance nameRob Crittenden2008-02-081-1/+3
| | | | Catch SystemExit exceptions otherwise a trace will be shown with python 2.4
* Set the license uniformly to GPLv2 only.Rob Crittenden2008-02-044-4/+4
|
* Fix broken attempt to return 0 on success, 1 on failureRob Crittenden2008-02-061-2/+2
|
* Return 1 on error, 0 on successRob Crittenden2008-02-051-0/+2
|
* Use file to store the current CA serial numberRob Crittenden2008-02-053-27/+104
| | | | | | | No longer create a PKCS#12 file that contains the CA No longer send the entire CA to each replica, generate the SSL certs on master Fix number of bugs in ipa-replica-install and prepare Produce status output during replica creation
* Missed closing quoteRob Crittenden2008-01-291-1/+1
|
* Remove reference to radius that wasn't used and was causing program to fail.Rob Crittenden2008-01-291-1/+1
| | | | Resolves 429853
* Include some additional information when installing IPA.Rob Crittenden2008-01-251-3/+15
| | | | | Remove 8080 as a port that needs to be opened bz 430088
* Fix misspelling of the word indices.Rob Crittenden2008-01-252-1/+1
|
* Re-factor the ipa_webgui and ipa_kpasswd instance codeMark McLoughlin2008-01-221-3/+2
| | | | | | | | | The ipa_webgui and ipa_kpasswd instance code is identical and I want to add another similar instance down the line, so re-factor the code into a service.SimpleServiceInstance class. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Remove questions from ipaserver.dsinstanceMark McLoughlin2008-01-221-3/+28
| | | | | | | | | | | | | Let's assume that all ipaserver.dsinstance could be used somewhere where asking questions on stdout/stdin is not approriate and re-factor the code to be suitable in those situations too. i.e. make check_existing_installation() return a list of server IDs and make check_ports() return an (unsecure, secure) tuple indication which ports are in use. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Use Fedora package names for PyKerberos (python-kerberos) and pyasn1Rob Crittenden2008-01-241-1/+3
| | | | (python-pyasn1) for the specfile Requires.
* Fix issues reported by rpmlint.Rob Crittenden2008-01-185-6/+0
| | | | | | | | | | | | | | - Removing shebangs (#!) from a bunch of python libraries - Don't use a variable name in init scripts for the lock file - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init - Add status option to the init scripts - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient) - Remove unnecessary sys.path.append("/usr/share/ipa") - Fix the license string in the spec files - Rename ipa-webgui to ipa_webgui everywhere - Fix a couple of issues reported by pychecker in ipa-python
* Add ipa-server-install --uninstallMark McLoughlin2008-01-111-6/+26
| | | | | | | | Add a --uninstall option to ipa-server-install which tries to restore the system to the way it was before ipa-server-install was run using the state backed up through sysrestore.py. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Backup system state in ipa-server-installRob Crittenden2008-01-141-0/+3
| | | | | | | | | | | | | This patch adds a sysrestore module which allows ipa-server-install code to backup any system state so that it can be restored again with e.g. ipa-server-install --uninstall. The idea is that any files ipa-server-install modifies gets backed up to /var/cache/ipa/sysrestore/ while any "meta" state, like whether a service is enabled with chkconfig, is saved to /var/cache/ipa/sysrestore.state. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Add service.is_running() helperMark McLoughlin2008-01-111-10/+1
| | | | | | | | Add a simple helper to check whether a service is running and make ipa-server-install use it to check whether ntpd is running. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* - Enable ssl for replication.Karl MacMillan2007-12-213-1/+121
| | | | | - Add replication management script that allows listing adding, and deleting replicas.
* Big changeset that includes the work around keytab management.Simo Sorce2007-12-215-4/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following the changelog history from my dev tree, some comments are useful imo ------------------------------------------------------ user: Simo Sorce <ssorce@redhat.com> date: Fri Dec 21 03:05:36 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Remove remnants of the initial test tool changeset: 563:4fe574b7bdf1 user: Simo Sorce <ssorce@redhat.com> date: Fri Dec 21 02:58:37 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: Maybe actually encrypting the keys will help :-) changeset: 562:488ded41242a user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:53:50 2007 -0500 files: ipa-server/ipa-install/share/Makefile.am ipa-server/ipa-install/share/default-aci.ldif description: Fixes changeset: 561:4518f6f5ecaf user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:53:32 2007 -0500 files: ipa-admintools/Makefile ipa-admintools/ipa-addservice description: transform the old ipa-getkeytab in a tool to add services as the new ipa-getkeytab won't do it (and IMO it makes more sense to keep the two functions separate anyway). changeset: 559:25a7f8ee973d user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:48:59 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: Bugfixes changeset: 558:28fcabe4aeba user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:48:29 2007 -0500 files: ipa-client/configure.ac ipa-client/ipa-client.spec ipa-client/ipa-client.spec.in ipa-client/ipa-getkeytab.c description: Configure fixes Add ipa-getkeytab to spec Client fixes changeset: 557:e92a4ffdcda4 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:57:10 2007 -0500 files: ipa-client/Makefile.am ipa-client/configure.ac description: Try to make ipa-getkeytab build via autotools changeset: 556:224894175d6b user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:35:56 2007 -0500 files: ipa-admintools/ipa-getkeytab ipa-client/ipa-getkeytab.c description: Messed a bit with hg commands. To make it short: - Remove the python ipa-getkeytab program - Rename the keytab plugin test program to ipa-getkeytab - Put the program in ipa-client as it should be distributed with the client tools changeset: 555:5e1a068f2e90 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:20:40 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Polish the client program changeset: 554:0a5b19a167cf user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 18:53:49 2007 -0500 files: ipa-server/ipa-install/share/default-aci.ldif ipa-server/ipa-install/share/default-keytypes.ldif ipa-server/ipa-install/share/kdc.conf.template ipa-server/ipa-install/share/kerberos.ldif ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c ipa-server/ipaserver/krbinstance.py description: Support retrieving enctypes from LDAP Filter enctypes Update test program changeset: 553:f75d7886cb91 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 00:17:40 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Fix ber generation and remove redundant keys changeset: 552:0769cafe6dcd user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 19:31:37 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Avoid stupid segfault changeset: 551:1acd5fdb5788 user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 18:39:12 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: If ber_peek_tag() returns LBER_ERROR it may just be that we are at the end of the buffer. Unfortunately ber_scanf is broken in the sense that it doesn't actually really consider sequence endings (due probably to the fact they are just representation and do not reflect in the underlieing DER encoding.) changeset: 550:e974fb2726a4 user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 18:35:07 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: First shot at the new method
* Convert replication to use the new cert infrastructure andKarl MacMillan2007-12-202-35/+54
| | | | | | correctly issue certs from the same authority. Also remove support for read-only replicas since that work will not be finished and tested for 1.0.
* Fix ldif to work with ldapmodify in openldap-2.4.xMark McLoughlin2007-12-132-0/+6
| | | | | | | | | | | | It seems that in openldap-2.4.x ldapmodify has gotten somewhat more picky about the ldif it accepts. See here for more details: https://bugzilla.redhat.com/422251 Not sure whether ldapmodify will be fixed, but for now just fix the ldif. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Merge.Karl MacMillan2007-12-121-1/+1
|\
| * Merge in Rob aci patch (resolve conflict)Simo Sorce2007-12-121-1/+1
| |
* | Move radius server components into a separate package.Karl MacMillan2007-12-124-359/+0
|/
* Separate out ACIs that affect radiusSimo Sorce2007-12-121-1/+2
|
* - Better access control, make sure not even admins can read out passwordsSimo Sorce2007-12-112-9/+16
| | | | | - Insure admins can't locked out by mistake by inclusion in disabled groups - Fix also minor error in krbinstance.py
* Add automatic browser configuration for kerberos SSO using javascript.Rob Crittenden2007-12-122-0/+34
| | | | | | This uses the UniversalPreferencesWrite function to set the browser preferences to allow negotiation and ticket forwarding in the IPA domain. A self-signed certificate is generated to sign the javascript.
* User provided certs.Karl MacMillan2007-12-122-0/+157
|
* Remove radiusinstance from ipa-server-install.Karl MacMillan2007-12-121-1/+0
|
* Remove radius from main install script and addKarl MacMillan2007-12-123-5/+73
| | | | ipa-radius-install.
* Convert the setup of ssl from a shell script to aKarl MacMillan2007-12-062-222/+0
| | | | | python module. This is in preparation for user supplied certs.
* Merge.Karl MacMillan2007-12-111-0/+1
|\
| * Fix delegation in the UI and add a missing aci that allows writes.Rob Crittenden2007-12-071-0/+1
| | | | | | | | Make ipa-deldelegation more user-friendly.
* | Merge.Karl MacMillan2007-12-113-4/+22
|\|
| * Add default e-mail domain to the IPA configurationRob Crittenden2007-12-102-1/+3
| |
| * merge from upstreamSimo Sorce2007-12-073-3/+19
| |\
| | * Fix message about no spaces in password - spaces workKarl MacMillan2007-12-061-1/+1
| | | | | | | | | | | | fine with ssl setup shell script removed.
| | * Utilize user and group objectclass lists in cn=ipaconfigRob Crittenden2007-12-062-2/+14
| | | | | | | | | | | | Change the syntax on user and group objectclasses in cn=ipaconfig
| | * Phase 1 of allowing admins to set the default object classes for users & groupsRob Crittenden2007-12-041-2/+6
| | | | | | | | | | | | | | | | | | | | | This adds the UI and does error checking of the selected object classes but it doesn't actually use the values yet. It also generalizes some functions for doing multi-valued fields.
| * | we *may* require it, it depend on the ditro in F8 cahing daemon ↵Simo Sorce2007-12-071-1/+1
| |/ | | | | | | | | | | configuration has been incorporated in the default bind install.
* | mergeJohn Dennis2007-12-042-11/+26
|\|
| * Increase default max password lifetime from 10 to 90 daysRob Crittenden2007-12-031-1/+1
| |
| * Improved ACIsSimo Sorce2007-11-301-9/+12
| |
| * minor typosSimo Sorce2007-11-301-0/+6
| |
| * Add utility to lock user accounts. Remove lock capability from ipa-deluserRob Crittenden2007-11-261-0/+6
| | | | | | | | | | Fix bootstrap.ldif to add new Class of Service entries properly Include some man pages that weren't being installed
* | change location of radius data in ldap fromJohn Dennis2007-11-301-10/+4
| | | | | | | | | | | | cn=radius,cn=services,cn=etc to cn=radius
generated by cgit (git 2.34.1) at 2026-04-30 04:46:59 +0000