summaryrefslogtreecommitdiffstats
path: root/ipaserver/secrets/store.py
Commit message (Collapse)AuthorAgeFilesLines
* Fix replica with --setup-ca issuesStanislav Laznicka2017-03-011-3/+3
| | | | | | | | nolog argument of ipautil.run requires tuple, not a string. https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Moving ipaCert from HTTPD_ALIAS_DIRStanislav Laznicka2017-03-011-13/+7
| | | | | | | | | | | | | The "ipaCert" nicknamed certificate is not required to be in /var/lib/ipa/radb NSSDB anymore as we were keeping a copy of this file in a separate file anyway. Remove it from there and track only the file. Remove the IPA_RADB_DIR as well as it is not required anymore. https://fedorahosted.org/freeipa/ticket/5695 https://fedorahosted.org/freeipa/ticket/6680 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Added a PEMFileHandler for Custodia storeStanislav Laznicka2017-03-011-0/+61
| | | | | | | | | This is a preparation step to be able to handle sending RA agent certificate over Custodia during domain level 1 replica installation. https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Separate RA cert store from the HTTP cert storeSimo Sorce2017-02-151-2/+2
| | | | | | | | | | | | | | | This is in preparation for separating out the user under which the ipa api framework runs as. This commit also removes certs.NSS_DIR to avoid confusion and replaces it where appropriate with the correct NSS DB directory, either the old HTTPD_ALIAS_DIR ot the RA DB IPA_RADB_DIR. In some cases its use is removed altogether as it was simply not necessary. https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa_generate_password algorithm changePetr Spacek2017-01-061-1/+1
| | | | | | | | | | | | | | | | A change to the algorithm that generates random passwords for multiple purposes throught IPA. This spells out the need to assess password strength by the entropy it contains rather than its length. This new password generation should also be compatible with the NSS implementation of password requirements in FIPS environment so that newly created databases won't fail with wrong authentication. https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Unify password generation across FreeIPAStanislav Laznicka2017-01-061-1/+1
| | | | | | | | | | | | Also had to recalculate entropy of the passwords as originally, probability of generating each character was 1/256, however the default probability of each character in the ipa_generate_password is 1/95 (1/94 for first and last character). https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipapython: move dnssec, p11helper and secrets to ipaserverJan Cholasta2016-11-291-0/+261
The dnssec and secrets subpackages and the p11helper module depend on ipaplatform. Move them to ipaserver as they are used only on the server. https://fedorahosted.org/freeipa/ticket/6474 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
generated by cgit (git 2.34.1) at 2024-09-21 14:56:25 +0000