mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
453a19fcac
We want to only allow a machine to request a certificate for itself, not for other machines. I've added a new taksgroup which will allow this. The requesting IP is resolved and compared to the subject of the CSR to determine if they are the same host. The same is done with the service principal. Subject alt names are not queried yet. This does not yet grant machines actual permission to request certificates yet, that is still limited to the taskgroup request_certs. |
||
---|---|---|
.. | ||
10-RFC2307bis.update | ||
10-RFC4876.update | ||
20-dna.update | ||
20-indices.update | ||
20-nss_ldap.update | ||
20-replication.update | ||
20-winsync_index.update | ||
30-automount.update | ||
30-groupofhosts.update | ||
30-netgroups.update | ||
30-policy.update | ||
30-rolegroup.update | ||
30-taskgroup.update | ||
40-delegation.update | ||
Makefile.am | ||
README |
The update files are sorted before being processed because there are cases where order matters (such as getting schema added first, creating parent entries, etc). 10 - 20: Schema 20 - 30: FDS Configuration, new indices 30 - 40: Structual elements of the DIT 40 - 50: Pre-loaded data