freeipa/ipaserver/install
Antonio Torres 0bdbf11442 Add checks to prevent adding auth indicators to internal IPA services
Authentication indicators should not be enforced against internal
IPA services, since not all users of those services are able to produce
Kerberos tickets with all the auth indicator options. This includes
host, ldap, HTTP and cifs in IPA server and cifs in IPA clients.
If a client that is being promoted to replica has an auth indicator
in its host principal then the promotion is aborted.

Fixes: https://pagure.io/freeipa/issue/8206
Signed-off-by: Antonio Torres <antorres@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2021-07-05 11:07:02 +02:00
plugins Move constants, document timeout loop 2021-05-12 13:29:31 -04:00
server Add checks to prevent adding auth indicators to internal IPA services 2021-07-05 11:07:02 +02:00
__init__.py Remove __all__ specifications in ipaclient and ipaserver.install 2013-09-06 15:42:33 +02:00
adtrust.py Use api.env.container_sysaccounts 2020-04-28 11:28:29 +02:00
adtrustinstance.py uninstall: Don't fail on missing /var/lib/samba 2020-08-17 10:46:23 +02:00
bindinstance.py LDAP autobind authenticateAsDN for BIND named 2021-06-15 14:13:16 +03:00
ca.py Remove the option stop_certmonger from stop_tracking_* 2021-02-15 17:13:53 +02:00
cainstance.py pkispawn: override AJP connector address 2021-05-26 17:04:56 +03:00
certs.py CA-less install: non-ASCII chars in CA cert subject 2021-06-16 11:25:08 -04:00
conncheck.py install: introduce installer class hierarchy 2016-11-11 12:17:25 +01:00
custodiainstance.py Add user and group wrappers 2020-09-22 09:23:18 -04:00
dns.py Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
dnskeysyncinstance.py dnskeysyncinstance: use late binding for UID/GID resolution 2020-12-22 14:05:13 +02:00
dogtag.py Verify pki ini override early 2019-04-10 13:43:23 +02:00
dogtaginstance.py pkispawn: Make timeout consistent with IPA's startup_timeout 2021-05-06 11:05:14 -04:00
dsinstance.py Use get_replication_plugin_name in LDAP updater 2021-06-21 10:58:02 +02:00
httpinstance.py cleanup: Drop never used path for httpd's ccache 2021-03-04 14:17:01 +02:00
installutils.py Use get_replication_plugin_name in LDAP updater 2021-06-21 10:58:02 +02:00
ipa_acme_manage.py ipa-acme-manage: use a cookie created for the communication with dogtag REST endpoints 2020-11-17 18:48:24 +02:00
ipa_backup.py BIND: Setup logging 2021-05-25 10:45:49 +03:00
ipa_cacert_manage.py ipa-cacert-manage: add prune option 2021-02-12 14:08:11 -05:00
ipa_cert_fix.py ipa-cert-fix man page: add note about certmonger renewal 2021-06-10 20:59:27 +02:00
ipa_crlgen_manage.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
ipa_kra_install.py Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
ipa_ldap_updater.py Remove -s option from ipa-ldap-updater usage 2021-05-20 14:45:27 -04:00
ipa_otptoken_import.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
ipa_pkinit_manage.py Allow PKINIT to be enabled when updating from a pre-PKINIT IPA CA server 2021-06-17 17:28:48 -04:00
ipa_replica_install.py Enable replica install info logging to match ipa-server-install 2018-11-01 13:08:58 +01:00
ipa_restore.py LDAP autobind authenticateAsDN for BIND named 2021-06-15 14:13:16 +03:00
ipa_server_certinstall.py Require an ipa-ca SAN on 3rd party certs if ACME is enabled 2020-11-02 14:01:05 -05:00
ipa_server_install.py Improve console logging for ipa-server-install 2018-06-20 08:38:03 +02:00
ipa_server_upgrade.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipa_trust_enable_agent.py ipa-adtrust-install: run remote configuration for new agents 2020-03-05 14:40:58 +01:00
ipa_winsync_migrate.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipactl.py Ensure IPA is running (ideally) before uninstalling the KRA 2021-02-04 01:29:53 +01:00
kra.py Ensure IPA is running (ideally) before uninstalling the KRA 2021-02-04 01:29:53 +01:00
krainstance.py Change KRA profiles in certmonger tracking so they can renew 2020-12-01 12:56:03 +01:00
krbinstance.py Ensure that KDC cert has SAN DNS entry 2021-01-29 13:36:41 -05:00
ldapupdate.py Use get_replication_plugin_name in LDAP updater 2021-06-21 10:58:02 +02:00
odsexporterinstance.py odsexporterinstance: use late binding for UID/GID resolution 2020-12-22 14:05:13 +02:00
opendnssecinstance.py opendnssecinstance: use late binding for UID/GID resolution 2020-12-22 14:05:13 +02:00
otpdinstance.py Enable pylint missing-final-newline check 2015-12-23 07:59:22 +01:00
replication.py Use get_replication_plugin_name in LDAP updater 2021-06-21 10:58:02 +02:00
schemaupdate.py Unify access to FQDN 2020-10-26 17:11:19 +11:00
service.py LDAP autobind authenticateAsDN for BIND named 2021-06-15 14:13:16 +03:00
sysupgrade.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
upgradeinstance.py Use get_replication_plugin_name in LDAP updater 2021-06-21 10:58:02 +02:00