Rob Crittenden

Results 46 issues of Rob Crittenden

Set passwordgracelimit to match global policy on group pw policies When adding a new group password policy if the grace period is not provided use the same as the global...

ipa-4-9
ipa-4-10

There are currently three sets of CA schema changes applied in ipa-server-upgrade:

* addition of ACME schema
* addition of certificate profile schema
* addition of lightweight CA schema

None...

ipa-4-9
ipa-4-10

Wipe the ipa-ca DNS record when updating system records If a server with a CA has been marked as hidden and contains the last A or AAAA address then that...

WIP
stale
ipa-4-9
ipa-4-10

Quite a lot of methods in base/common/python/pki/nssdb.py contain code like this to generate the pki command:

```
elif self.password_file:
    cmd.extend(['-C', self.password_file])
```

password_file is generated in `__init__()` with the NSS...

pki-server-10.10.5-5.fc32.noarch Several checks fail when run with ipa-healthcheck that pass with pki-healthcheck. The environment is changed to replace the OCSP signing certificate with a broken one. This replacement certificate was...

Triaged
IPA

A temporary krb5.conf is created early during client enrollment and was previously used only during the initial ipa-join call. The final krb5.conf was written soon afterward. If there are multiple...

ipa-4-9
ipa-4-10

Purpose is to add support for HSM installation of CA and KRA on both initial server and replicas. Signed-off-by: Rob Crittenden

ipa-4-10

Implement the design for HSM support. This PR set adds options for HSM token, library path and token password to the CA/KRA-related installers. The intention is to test this in...

needs review
ipa-next

Ideally all files created during an IPA server installation are removed by the uninstaller. Some files are purposefully left, like token passwords, private keys, logs and more. Add an allow...

needs review
ipa-4-11

Replace service certificates with ipa-server-certinstall Also revoke existing IPA-issued certificates. ipa-server-certinstall does not update the HTTP or ldap service entries when the new certificates. This is confusing when looking...

needs rebase
ipa-4-12