This tool will dump and re-encrypt all keys, then reload and change
the master key in LDAP and in the stash file.
It will also restart the Directory Server and the the KDC
but will allow for changing configurations without having to restart DS.
Password operations are slow and rare enough this is an acceptable compromise.
- wrong import in certs.py makes ipa-replica-manage fail
- close the fs after the stash file is written so that the file is updated
immediately and not when the fd is garbage collected
ldap add and modify operation performed on the userPassword attribute.
Add helper functions to reduce code duplication.
Do not enforce encrypted connections on ldap add/ldap mod for compatibility
reasons. (We cannot enforce people not to send the password in the clear
anyway, we can only refuse to accept it at the most which does not gain
you much if someone then re-send you the same password previously exposed)
Fix make maintainer-clean
Also make RPM naming consistent by using a temp RELEASE file.
This one helps when testing builds using rpms.
Just 'echo X > RELEASE' to build a new rpms (X, X+1, X+2 ...)
Version 1.1.0 was released some times ago, bump up to 1.1.1
information. This way we do not risk to leave around sensitive data.
Set the destination host in the replica file too and do checks against
in ipa-replica-install
We will use them to encrypt the replica file so that we can
transport it over more safely.
It contains sensitive data, by encrypting it we assure that
even if a distracted admin leaves it around it cannot be accessed
without knowing the access passphrase (usually the Directory Manager
password)
Along the way fix also ipautil.run which was buggy and not passing
in correctly stdin.
Add dependency for gnupg in spec file
We used to manually load the template files for the edit pages using
turbogears.meta.load_kid_template(). Unfortunately this went through
the one code path where encoding was completely ignored. It ended up
defaulting to sys.getdefaultencoding() which is 'ascii'. So even though
most of the templates are loaded as 'utf-8' the few that really mattered
weren't.
The fix is to call kid.load_template() ourselves and set the encoding of
the class we just loaded to either the setting in the app.cfg file or
to the normal default value of 'utf-8'.
454076
Add the ability to provide PKCS#12 files during initial installation
Add the ability to provide PKCS#12 files when preparing a replica
Correct some issues with ipa-server-certinstall
452402
