Support certificate login after installation and upgrade

Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-03-09 12:14:21 +01:00
parent 8980f4098e
commit 75c592d3b9
6 changed files with 59 additions and 2 deletions
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -53,6 +53,7 @@ SELINUX_BOOLEAN_SETTINGS = dict(
    httpd_can_network_connect='on',
    httpd_manage_ipa='on',
    httpd_run_ipa='on',
+    httpd_dbus_sssd='on',
 )

 HTTPD_USER = constants.HTTPD_USER
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -23,6 +23,7 @@ from ipalib.install import certmonger, sysrestore
 import SSSDConfig
 import ipalib.util
 import ipalib.errors
+from ipaclient.install.client import sssd_enable_service
 from ipaplatform import services
 from ipaplatform.tasks import tasks
 from ipapython import ipautil, version, certdb
@@ -1771,6 +1772,10 @@ def upgrade_configuration():

    set_sssd_domain_option('ipa_server_mode', 'True')

+    sssdconfig = SSSDConfig.SSSDConfig()
+    sssdconfig.import_config()
+    sssd_enable_service(sssdconfig, 'ifp')
+
    krb = krbinstance.KrbInstance(fstore)
    krb.fqdn = fqdn
    krb.realm = api.env.realm