freeipa/install/share
Fraser Tweedale 00a84464ea acme: configure engine.conf and disable by default
When deploying ACME set up configsources.conf to retrieve engine
configuration from engine.conf.  In the initial configuration, the
ACME service is disabled (i.e. it will refuse to service requests).

A subsequent commit will add command(s) for flipping the ACME
service on or off (on a per-server basis).  Later we will move to
LDAP configuration so that management of the ACME service is
deployment-wide.

The default configuration also disables issuance of wildcard
certificates.

Part of: https://pagure.io/freeipa/issue/4751

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-07-10 08:33:22 -04:00
..
advise Build: remove incorrect use of MAINTAINERCLEANFILES 2016-11-16 09:12:07 +01:00
profiles acme: add certificate profile 2020-07-10 08:33:22 -04:00
schema.d Build: remove incorrect use of MAINTAINERCLEANFILES 2016-11-16 09:12:07 +01:00
05rfc2247.ldif Remove references to GPL v2.0 license 2015-02-20 15:40:42 +01:00
15rfc2307bis.ldif Add formerly update-only schema 2013-11-18 16:54:21 +01:00
15rfc4876.ldif Add formerly update-only schema 2013-11-18 16:54:21 +01:00
60basev2.ldif Add group membership management 2019-11-11 09:31:14 +01:00
60basev3.ldif Short name resolution: introduce the required schema 2017-03-14 18:37:10 +01:00
60certificate-profiles.ldif Add 'ca' plugin 2016-06-15 07:13:38 +02:00
60ipaconfig.ldif Add knob to limit hostname length 2019-05-16 14:38:43 -04:00
60ipadns.ldif DNS: Support URI resource record type 2016-10-11 16:48:47 +02:00
60ipapk11.ldif DNSSEC: schema 2014-10-21 12:23:03 +02:00
60kerberos.ldif Add Authentication Indicator Kerberos ticket policy options 2019-11-21 11:13:12 -05:00
60samba.ldif Make schema files conform to new updater 2013-11-18 16:54:21 +01:00
61kerberos-ipav3.ldif mark 'ipaKrbPrincipalAlias' attribute as deprecated in schema 2016-06-23 09:48:06 +02:00
65ipacertstore.ldif Add LDAP schema for certificate store. 2014-07-30 16:04:21 +02:00
65ipasudo.ldif Update X-ORIGIN for 4.0 2014-07-01 13:57:06 +02:00
70ipaotp.ldif Revert "Make all ipatokenTOTP attributes mandatory" 2015-01-21 09:20:15 +01:00
70topology.ldif handle multiple managed suffixes 2015-10-15 14:24:33 +02:00
71idviews.ldif idviews: Add user certificate attribute to user ID overrides 2016-05-06 07:12:01 +02:00
72domainlevels.ldif Add Domain Level feature 2015-05-26 11:59:47 +00:00
73certmap.ldif Add altSecurityIdentities attribute from MS-WSPP schema definition 2019-07-17 17:50:07 +03:00
anon-princ-aci.ldif Use Anonymous user to obtain FAST armor ccache 2017-02-15 07:13:37 +01:00
automember.ldif 34 Create FreeIPA CLI Plugin for the 389 Auto Membership plugin 2011-08-31 09:49:43 +02:00
bind.ipa-ext.conf.template Overhaul bind upgrade process 2020-06-10 16:07:07 +02:00
bind.ipa-options-ext.conf.template Overhaul bind upgrade process 2020-06-10 16:07:07 +02:00
bind.named.conf.template Overhaul bind upgrade process 2020-06-10 16:07:07 +02:00
bootstrap-template.ldif Prevent local account takeover 2020-06-15 22:44:42 +03:00
ca-topology.uldif Revert "upgrade: add replica bind DN group check interval to CA topology config" 2016-12-09 15:47:13 +01:00
certmap.conf.template Define template version in certmap.conf 2017-03-01 12:46:50 +01:00
custodia.conf.template Backup ipa-custodia conf and keys 2017-11-13 18:10:54 +01:00
default-aci.ldif Add group membership management 2019-11-11 09:31:14 +01:00
default-hbac.ldif Fix systemd-user HBAC rule 2019-01-15 14:29:22 -05:00
default-smb-group.ldif Change DNA magic value to -1 to make UID 999 usable 2013-03-11 17:07:07 +01:00
default-trust-view.ldif idviews: Add Default Trust View as part of adtrustinstall 2014-09-30 10:42:06 +02:00
delegation.ldif DNS Locations: Always create DNS related privileges 2016-06-03 15:58:21 +02:00
dna.ldif Moved update of DNA plugin among update plugins 2016-11-11 12:13:56 +01:00
dns.ldif Allow hosts to read DNS records for IP SAN 2020-03-16 13:04:17 +01:00
dnssec.ldif DNSSEC: DNS key synchronization daemon 2014-10-21 12:23:03 +02:00
domainlevel.ldif Add Domain Level feature 2015-05-26 11:59:47 +00:00
ds-ipa-env.conf.template Move DS's Kerberos env vars to unit file 2019-04-02 19:35:38 +02:00
ds-nfiles.ldif Autotune directory server to use a greater number of files 2010-11-22 12:42:16 -05:00
entryusn.ldif Address entryusn initialization on replica installation 2011-01-28 13:58:43 -05:00
freeipa-server.template Add a skeleton kdcpolicy plugin 2019-09-10 12:33:21 +03:00
gssapi.login Change session handling 2017-02-15 07:13:37 +01:00
gssproxy.conf.template Add options to allow ticket caching 2017-03-16 13:10:37 +01:00
host_nis_groups.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
indices.ldif Add group membership management 2019-11-11 09:31:14 +01:00
ipa-httpd-wsgi.conf.template Replace wsgi package conflict with config file 2018-02-09 08:28:11 +01:00
ipa-httpd.conf.template Require UTF-8 fs encoding 2017-11-21 16:13:28 +01:00
ipa-kdc-proxy.conf.template Don't use deprecated Apache Access options. 2018-11-15 17:52:10 -05:00
ipa-pki-proxy.conf.template acme: ipa-pki-proxy: proxy /acme to Dogtag 2020-07-10 08:33:22 -04:00
ipa-rewrite.conf.template Move config templates from install/conf to install/share 2018-02-09 09:14:22 +01:00
ipa.conf.template Use httpd 2.4 syntax for access control 2020-05-07 11:00:55 -04:00
ipaca_customize.ini Configure PKI AJP Secret with 256-bit secret 2020-06-23 09:20:24 +02:00
ipaca_default.ini Configure PKI AJP Secret with 256-bit secret 2020-06-23 09:20:24 +02:00
ipaca_softhsm2.ini Add pki.ini override option 2019-04-10 13:43:23 +02:00
ipakrb5.aug install: introduce generic Kerberos Augeas lens 2017-05-19 12:31:24 +02:00
kdc_extensions.template Add support for configuring KDC certs for PKINIT 2010-11-18 15:09:36 -05:00
kdc_req.conf.template Add support for configuring KDC certs for PKINIT 2010-11-18 15:09:36 -05:00
kdc.conf.template Add new authentication indicators in kdc.conf.template 2019-09-10 12:33:21 +03:00
kdcproxy-disable.uldif Provide Kerberos over HTTP (MS-KKDCP) 2015-06-24 10:43:58 +02:00
kdcproxy-enable.uldif Provide Kerberos over HTTP (MS-KKDCP) 2015-06-24 10:43:58 +02:00
kdcproxy.conf Provide Kerberos over HTTP (MS-KKDCP) 2015-06-24 10:43:58 +02:00
kdcproxy.wsgi Replace hard-coded kdcproxy path with WSGI script 2017-04-12 13:05:23 +02:00
kerberos.ldif Enable AES SHA 256 and 384-bit enctypes in Kerberos 2019-11-04 09:45:07 -05:00
krb5.conf.template install: do not assume /etc/krb5.conf.d exists 2017-06-28 15:44:51 +02:00
krb5.ini.template Set master_kdc and dns_lookup_kdc to true 2012-09-19 20:47:12 -04:00
krb.con.template Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
krbrealm.con.template Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
Makefile.am acme: configure engine.conf and disable by default 2020-07-10 08:33:22 -04:00
managed-entries.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
master-entry.ldif Add Domain Level feature 2015-05-26 11:59:47 +00:00
memberof-conf.ldif Display user and host membership in netgroups. 2010-11-24 08:38:41 -05:00
memberof-task.ldif Wait for memberof task and DS to start before proceeding in installation. 2011-04-22 11:43:50 +02:00
memcache-remove.uldif Change session handling 2017-02-15 07:13:37 +01:00
modrdn-krbprinc.ldif add krbCanonicalName to attributes watched by MODRDN plugin 2016-06-23 09:48:06 +02:00
nis-update.uldif Upgrade: Fix upgrade of NIS Server configuration 2016-01-11 09:45:54 +01:00
nis.uldif Enable transactions by default, make password and modrdn TXN-aware 2012-11-21 14:55:12 +01:00
opendnssec_conf.template Remove the <Interval> from opendnssec conf 2020-03-12 21:48:25 +01:00
opendnssec_kasp.template DNSSEC: update OpenDNSSEC KASP configuration 2015-05-19 12:50:56 +00:00
pki-acme-configsources.conf.template acme: configure engine.conf and disable by default 2020-07-10 08:33:22 -04:00
pki-acme-database.conf.template acme: set up ACME service when configuring CA 2020-07-10 08:33:22 -04:00
pki-acme-engine.conf.template acme: configure engine.conf and disable by default 2020-07-10 08:33:22 -04:00
pki-acme-issuer.conf.template acme: create ACME RA account 2020-07-10 08:33:22 -04:00
pw-logging-conf.ldif Switch nsslapd-unhashed-pw-switch to nolog 2019-05-24 12:42:51 +02:00
referint-conf.ldif Update referential integrity config for DS 1.3.3 2014-09-12 17:42:08 +02:00
replica-acis.ldif Update ACIs with the correct syntax 2020-05-04 20:49:23 +02:00
replica-automember.ldif 34 Create FreeIPA CLI Plugin for the 389 Auto Membership plugin 2011-08-31 09:49:43 +02:00
replica-prevent-time-skew.ldif ds: ignore time skew during initial replication step 2017-10-19 17:48:58 +03:00
repoint-managed-entries.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
root-autobind.ldif Remove root autobind search restriction, fix upgrade logging & error handling. 2011-06-13 09:51:05 +02:00
sasl-mapping-fallback.ldif Enable SASL mapping fallback. 2013-06-27 17:06:51 +02:00
schema-update.ldif Fix nsslapdPlugin object class after initial replication. 2013-09-10 09:49:43 +02:00
smb.conf.empty Add trust management for Active Directory trusts 2012-06-07 09:39:09 +02:00
smb.conf.template Enforce SMBLoris attack protection in default Samba configuration 2019-04-24 15:47:19 -04:00
sudobind.ldif Create default disabled sudo bind user 2011-02-23 15:32:24 -05:00
topology-entries.ldif rename topology suffixes to "domain" and "ca" 2015-12-04 12:59:21 +01:00
unique-attributes.ldif Server Upgrade: Fix uniqueness plugins 2015-05-19 12:45:41 +00:00
user_private_groups.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
uuid.ldif DNSSEC: DNS key synchronization daemon 2014-10-21 12:23:03 +02:00
vault.ldif install: support KRA update 2015-09-17 14:55:54 +02:00
wsgi.py Address inconsistent-return-statements 2018-11-13 13:37:58 +01:00