path: root/ipapython/secrets/kem.py
Commit message | Author | Age | Files | Lines
* ipapython: move dnssec, p11helper and secrets to ipaserver | Jan Cholasta | 2016-11-29 | 1 | -228/+0
  The dnssec and secrets subpackages and the p11helper module depend on ipaplatform. Move them to ipaserver as they are used only on the server.
  https://fedorahosted.org/freeipa/ticket/6474
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* pylint: enable the import-error check | Jan Cholasta | 2016-10-24 | 1 | -1/+5
  Check for import errors with pylint to make sure new python package dependencies are not overlooked.
  https://fedorahosted.org/freeipa/ticket/6418
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Secure permissions of Custodia server.keys | Christian Heimes | 2016-08-24 | 1 | -1/+4
  Custodia's server.keys file contains the private RSA keys for encrypting and signing Custodia messages. The file was created with permission 644 and is only secured by permission 700 of the directory /etc/ipa/custodia. The installer and upgrader ensure that the file has 600.
  https://bugzilla.redhat.com/show_bug.cgi?id=1353936
  https://fedorahosted.org/freeipa/ticket/6056
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Optionally add service name to Custodia key DNs | Fraser Tweedale | 2016-06-09 | 1 | -5/+22
  Lightweight CAs support introduces new service principals for Dogtag, with Custodia keys. The current Custodia key creation uses a DN that contains only the key type and the hostname, so keys for multiple services on the same host cannot be created.
  Add the 'generate_keys' method to generate keys for a host or an arbitrary service. When a service name is given, add the key entries in a nested container with RDN 'cn=<service name>'. (The container is assumed to exist).
  This change does not affect searching because subtree search is used, filtering on the ipaKeyUsage and memberPrincipal attributes.
  Part of: https://fedorahosted.org/freeipa/ticket/4559
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipapython.secrets.kem: Use ConfigParser from six.moves | Petr Viktorin | 2016-05-30 | 1 | -2/+2
  In Python 3, the module name changed from 'ConfigParser' to 'configparser'. Use the appropriate location from six.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* custodia: do not modify memberPrincipal on key update | Jan Cholasta | 2015-12-07 | 1 | -2/+1
  https://fedorahosted.org/freeipa/ticket/5401
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Add ipa-custodia service | Simo Sorce | 2015-10-15 | 1 | -0/+205
  Add a customized Custodia daemon and enable it after installation. Generates server keys and loads them in LDAP autonomously on install or update. Provides client code classes too.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>