diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2012-08-23 12:38:45 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-09-17 18:43:59 -0400 |
| commit | 4f76c143d2f2036af02677469c542f563a10158d (patch) | |
| tree | 8ed4716135c53486710950b453f17bb71f36c658 /install/conf | |
| parent | 3dd31a875650c7fe7c67ca6b47f2058c1181dafb (diff) | |
| download | freeipa-4f76c143d2f2036af02677469c542f563a10158d.tar.gz freeipa-4f76c143d2f2036af02677469c542f563a10158d.tar.xz freeipa-4f76c143d2f2036af02677469c542f563a10158d.zip | |
Use Dogtag 10 only when it is available
Put the changes from Ade's dogtag 10 patch into namespaced constants in
dogtag.py, which are then referenced in the code.
Make ipaserver.install.CAInstance use the service name specified in the
configuration. Uninstallation, where config is removed before CA uninstall,
also uses the (previously) configured value.
This and Ade's patch address https://fedorahosted.org/freeipa/ticket/2846
Diffstat (limited to 'install/conf')
| -rw-r--r-- | install/conf/ipa-pki-proxy.conf | 14 | ||||
| -rw-r--r-- | install/conf/ipa.conf | 6 |
2 files changed, 10 insertions, 10 deletions
diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf index 7a067ca9c..20c09217a 100644 --- a/install/conf/ipa-pki-proxy.conf +++ b/install/conf/ipa-pki-proxy.conf @@ -1,4 +1,4 @@ -# VERSION 1 - DO NOT REMOVE THIS LINE +# VERSION 2 - DO NOT REMOVE THIS LINE ProxyRequests Off @@ -6,22 +6,22 @@ ProxyRequests Off <LocationMatch "^/ca/ee/ca/checkRequest|^/ca/ee/ca/getCertChain|^/ca/ee/ca/getTokenInfo|^/ca/ee/ca/tokenAuthenticate|^/ca/ocsp|^/ca/ee/ca/updateNumberRange"> NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient none - ProxyPassMatch ajp://localhost:8009 - ProxyPassReverse ajp://localhost:8009 + ProxyPassMatch ajp://localhost:$DOGTAG_PORT + ProxyPassReverse ajp://localhost:$DOGTAG_PORT </LocationMatch> # matches for admin port and installer <LocationMatch "^/ca/admin/ca/getCertChain|^/ca/admin/ca/getConfigEntries|^/ca/admin/ca/getCookie|^/ca/admin/ca/getStatus|^/ca/admin/ca/securityDomainLogin|^/ca/admin/ca/getDomainXML|^/ca/rest/installer/installToken"> NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient none - ProxyPassMatch ajp://localhost:8009 - ProxyPassReverse ajp://localhost:8009 + ProxyPassMatch ajp://localhost:$DOGTAG_PORT + ProxyPassReverse ajp://localhost:$DOGTAG_PORT </LocationMatch> # matches for agent port and eeca port <LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient"> NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient require - ProxyPassMatch ajp://localhost:8009 - ProxyPassReverse ajp://localhost:8009 + ProxyPassMatch ajp://localhost:$DOGTAG_PORT + ProxyPassReverse ajp://localhost:$DOGTAG_PORT </LocationMatch> diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index d428460fe..ed50a35b5 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -1,5 +1,5 @@ # -# VERSION 7 - DO NOT REMOVE THIS LINE +# VERSION 8 - DO NOT REMOVE THIS LINE # # This file may be overwritten on upgrades. # @@ -105,8 +105,8 @@ Alias /ipa/config "/usr/share/ipa/html" # For CRL publishing -Alias /ipa/crl "/var/lib/pki/tomcat-ca/ca/publish" -<Directory "/var/lib/pki/tomcat-ca/ca/publish"> +Alias /ipa/crl "$CRL_PUBLISH_PATH" +<Directory "$CRL_PUBLISH_PATH"> SetHandler None AllowOverride None Options Indexes FollowSymLinks |