Commit Graph

35 Commits

Author SHA1 Message Date
Jason Gerard DeRose
85bb506d5b Add fix for wehjit (ctypes) SELinux problem 2010-02-12 01:22:02 -07:00
John Dennis
4461a74403 Add support for building internationalized translations.
A new directory install/po has been added which contains all
the translations for all files in IPA.

The build has been agumented to build these files. Also the
autogen.sh script was mostly replaced by autoreconf, the preferred
method. The old autogen.sh sript also had some serious bugs in the
way it compared versions which caused it to run old versions of some
of the tools, using standared autoreconf is much better.
2010-02-09 22:07:18 -05:00
Martin Nagy
b05f94fb4c Add ipa-dns-install script
Unfortunately, for now there is no --uninstall option.
2010-02-09 15:45:35 -05:00
Rob Crittenden
3ff06c498b Configure sssd and certmonger in ipa-client-install
This does a number of things under the hood:

- Use authconfig to enable sssd in nss and pam
- Configure /etc/sssd/sssd.conf to use our IPA provider
- Enable the certmonger process and request a server cert
- join the IPA domain and retrieve a principal. The clinet machine
  *must* exist in IPA to be able to do a join.
- And then undo all this on uninstall
2010-02-03 15:41:02 -05:00
Jason Gerard DeRose
ec142329aa Update spec to require python-wehjit >= 0.2.0 2010-01-27 09:41:28 -05:00
Pavel Zuna
c15c1eee72 Add DS migration plugin and password migration page. 2010-01-20 16:54:17 -05:00
Rob Crittenden
864490ff41 Replace uses of %define with %global in the .spec file
Fixes rawhide builds per
https://www.redhat.com/archives/fedora-devel-list/2010-January/msg00093.html

Contributed by Nalin Dahyabhai
2010-01-07 14:12:52 -05:00
Rob Crittenden
62d40286ac A utility for removing principals from a keytab.
When we un-enroll a client we'll do a bit of cleanup including removing
any principals for the IPA realm from /etc/krb5.keytab.

This removes principals in 2 ways:
- By principal, only entries matching the full principal are removed
- By realm. Any principal for that realm is removed

This does not change the KDC at all, just removes entries from a file
on the client machine.
2009-12-04 16:29:09 -05:00
Rob Crittenden
a535cb0772 Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1 Any type 2009-12-02 12:47:39 -07:00
Rob Crittenden
384eec771d Replace /etc/ipa/ipa.conf with /etc/ipa/default.conf
The new framework uses default.conf instead of ipa.conf. This is useful
also because Apache uses a configuration file named ipa.conf.

This wipes out the last vestiges of the old ipa.conf from v1.
2009-12-01 09:11:23 -07:00
Rob Crittenden
cfec51819b Add SELinux policy for CRL file publishing.
This policy should really be provided by dogtag. We don't want
to grant read/write access to everything dogtag can handle so we
change the context to cert_t instead. But we have to let dogtag
read/write that too hence this policy.

To top it off we can't load this policy unless dogtag is also loaded
so we insert it in the IPA installer
2009-11-26 00:16:30 -07:00
Rob Crittenden
8a7c22939d Bash tab completion script 2009-11-25 08:48:38 -07:00
John Dennis
55422cb7b9 Require current versions of python-nss & python-lxml
ipa.spec.in         |    3 ++-
 ipapython/nsslib.py |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
2009-11-23 16:52:06 -05:00
Rob Crittenden
da58b0cc75 Add SELinux policy for UI assets
This also removes the Index option of /ipa-assets as well as the
deprecated IPADebug option.

No need to build or install ipa_webgui anymore. Leaving in the code
for reference purposes for now.
2009-11-04 04:07:38 -07:00
Jason Gerard DeRose
5782b882a7 ipa-server-install now renders UI assets 2009-11-04 03:52:30 -07:00
Rob Crittenden
a3a0c0ae33 Add a separate client-only target 2009-10-17 22:56:47 -06:00
Jason Gerard DeRose
f58ff2921d Giant webui patch take 2 2009-10-13 11:28:00 -06:00
Rob Crittenden
1d6e23136a Add man page for ipa-join command 2009-10-12 14:50:02 -04:00
Rob Crittenden
342337a893 No longer use the IPA-specific memberof plugin. Use the DS-supplied one. 2009-10-12 09:37:38 -04:00
Rob Crittenden
38a27b1c2f Properly own (via ghost) the Apache configuration files. 2009-09-28 15:35:55 -06:00
Jason Gerard DeRose
e2ecf02822 Added BuildRequires: xmlrpc-c-devel 2009-09-24 17:49:16 -06:00
Rob Crittenden
d0587cbdd5 Enrollment for a host in an IPA domain
This will create a host service principal and may create a host entry (for
admins).  A keytab will be generated, by default in /etc/krb5.keytab
If no kerberos credentails are available then enrollment over LDAPS is used
if a password is provided.

This change requires that openldap be used as our C LDAP client. It is much
easier to do SSL using openldap than mozldap (no certdb required). Otherwise
we'd have to write a slew of extra code to create a temporary cert database,
import the CA cert, ...
2009-09-24 17:45:49 -06:00
Rob Crittenden
08fc563212 Generate CRLs and make them available from the IPA web server 2009-08-26 09:51:19 -04:00
Rob Crittenden
b1e1188ccc Move ipalib to the ipa-python subpackage and bump up min version of slapi-nis. 2009-05-21 15:37:22 -06:00
Rob Crittenden
7ef34b8cda Own the Apache configuration files that ipa-server-install creates 2009-05-19 09:53:57 -04:00
Rob Crittenden
de88954b91 New tool to enable/disable DS plugin to act as NIS server 2009-05-13 14:09:56 -04:00
Rob Crittenden
2f7c6bc3db Add python-nss as a dependency 2009-05-04 17:01:57 -04:00
Rob Crittenden
d9c4ba5a30 Remove our copy of the DNA plugin and use the one that comes with DS.
The DS plugin does config checking when adding new entries online so
we are dropping the Posix subtree.
2009-03-06 17:37:37 -05:00
Rob Crittenden
c25181be57 Don't build radius by default 2009-03-04 15:40:06 -05:00
Jakub Hrozek
6dae08868f Add missing buildrequires 2009-02-23 15:41:06 -05:00
Rob Crittenden
f2abe05398 Use OpenSSL for SSL instead of the built-in python version. 2009-02-20 10:40:54 -05:00
Rob Crittenden
262ff2d731 Rename ipa-python directory to ipapython so it is a real python library
We used to install it as ipa, now installing it as ipapython. The rpm
is still ipa-python.
2009-02-09 14:35:15 -05:00
Rob Crittenden
baef3003bc Replace TurboGears requirement with python-cherrypy Remove some commented-out files Move /usr/bin/ipa to admintools package 2009-02-06 15:03:49 -05:00
Rob Crittenden
240fb938d2 Complete consolidation into a single autogen.sh 2009-02-04 09:04:26 -05:00
Rob Crittenden
2d7e0de5ea Get merged tree into an installalble state.
I have only tested the all, rpms and *clean targets directly.
install may work but the rpm moves a lot of things around for us.

The Apache configuration file isn't in its final state but it works
with the new mod_python configuration.
2009-02-03 15:29:20 -05:00