Add CA ACL plugin

Implement the caacl commands, which are used to indicate which principals may be issued certificates from which (sub-)CAs, using which profiles. At this commit, and until sub-CAs are implemented, all rules refer to the top-level CA (represented as ".") and no ca-ref argument is exposed. Also, during install and upgrade add a default CA ACL that permits certificate issuance for all hosts and services using the profile 'caIPAserviceCert' on the top-level CA. Part of: https://fedorahosted.org/freeipa/ticket/57 Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-05-25 08:39:07 -04:00
parent ae56ca422d
commit bc0c606885
16 changed files with 771 additions and 2 deletions
--- a/4
+++ b/4
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=127
-# Last change: jcholast - add kra_is_enabled
+IPA_API_VERSION_MINOR=128
+# Last change: ftweedal - add caacl plugin