mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-13 01:31:56 -06:00
045b6e6ed9
dogtag opens its NSS database in read/write mode so we need to be very careful during renewal that we don't also open it up read/write. We basically need to serialize access to the database. certmonger does the majority of this work via internal locking from the point where it generates a new key/submits a rewewal through the pre_save and releases the lock after the post_save command. This lock is held per NSS database so we're save from certmonger. dogtag needs to be shutdown in the pre_save state so certmonger can safely add the certificate and we can manipulate trust in the post_save command. Fix a number of bugs in renewal. The CA wasn't actually being restarted at all due to a naming change upstream. In python we need to reference services using python-ish names but the service is pki-cad. We need a translation for non-Fedora systems as well. Update the CA ou=People entry when he CA subsystem certificate is renewed. This certificate is used as an identity certificate to bind to the DS instance. https://fedorahosted.org/freeipa/ticket/3292 https://fedorahosted.org/freeipa/ticket/3322 |
||
|---|---|---|
| .. | ||
| man | ||
| ipa-adtrust-install | ||
| ipa-ca-install | ||
| ipa-compat-manage | ||
| ipa-compliance | ||
| ipa-csreplica-manage | ||
| ipa-dns-install | ||
| ipa-ldap-updater | ||
| ipa-managed-entries | ||
| ipa-nis-manage | ||
| ipa-replica-conncheck | ||
| ipa-replica-install | ||
| ipa-replica-manage | ||
| ipa-replica-prepare | ||
| ipa-server-certinstall | ||
| ipa-server-install | ||
| ipa-upgradeconfig | ||
| ipactl | ||
| Makefile.am | ||