IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-02 12:16:56 -06:00
Code Issues Packages Projects Releases Wiki Activity
4,115 Commits 11 Branches 59 Tags 60 MiB
Python 75.7%
JavaScript 10.9%
C 10.8%
Roff 1.1%
Makefile 0.4%
Other 1.1%
109b79a7ac
Go to file
Rob Crittenden 109b79a7ac Change the way has_keytab is determined, also check for password. 
We need an indicator to see if a keytab has been set on host and
service entries. We also need a way to know if a one-time password is
set on a host.

This adds an ACI that grants search on userPassword and
krbPrincipalKey so we can do an existence search on them. This way
we can tell if the attribute is set and create a fake attribute
accordingly.

When a userPassword is set on a host a keytab is generated against
that password so we always set has_keytab to False if a password
exists. This is fine because when keytab gets generated for the
host the password is removed (hence one-time).

This adds has_keytab/has_password to the user, host and service plugins.

ticket https://fedorahosted.org/freeipa/ticket/1538
2011-08-24 14:12:01 +02:00
.tx Add Transifex tx client configuration file 2011-03-07 16:05:33 -05:00
checks Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
contrib Fix lint false positives. 2011-04-13 15:58:45 +02:00
daemons Fix thread deadlock by using pthreads library instead of NSPR. 2011-08-24 13:57:37 +02:00
doc/examples Minor typos in the examples 2011-06-27 23:04:18 -04:00
install Change the way has_keytab is determined, also check for password. 2011-08-24 14:12:01 +02:00
ipa-client Make sure messagebus is running prior to starting certmonger. 2011-08-18 20:15:48 -04:00
ipalib Change the way has_keytab is determined, also check for password. 2011-08-24 14:12:01 +02:00
ipapython Make sure that hostname specified by user is not an IP address. 2011-07-25 01:47:52 -04:00
ipaserver Log each command in a batch separately. 2011-08-19 01:21:22 -04:00
selinux Fix selinux policies for ipa_kpasswd 2011-01-18 10:04:42 -05:00
tests Change the way has_keytab is determined, also check for password. 2011-08-24 14:12:01 +02:00
util Use internal implementation of internal Kerberos functions 2010-11-22 16:01:35 -05:00
.bzrignore Added top-level tests/ package that will contain all unit tests 2008-10-07 20:36:44 -06:00
.gitignore Added functional test runner. 2011-04-05 21:21:54 +00:00
API.txt Fix automountkey-mod 2011-08-18 20:35:12 -04:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
BUILD.txt Rename ipa.spec.in to freeipa.spec.in in BUILD.txt. 2011-02-10 17:52:43 -05:00
Contributors.txt Add Alexander Bokovoy and Jan Cholasta to contributors file 2011-07-19 20:43:21 -04:00
COPYING Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
freeipa.spec.in Add subscription-manager dependency for RHEL. 2011-08-23 00:27:30 -04:00
ipa Execute /usr/bin/python directly instead of /usr/bin/env python 2011-01-14 16:27:48 -05:00
ipa-compliance.cron Add support for tracking and counting entitlements 2011-02-02 10:00:38 -05:00
ipa.1 Typos in freeIPA messages and man page 2011-05-10 08:46:57 +02:00
ipa.init Temporary workaround for systemd brokeness on fedora 15 2011-02-15 17:55:14 -05:00
lite-server.py rename static to ui 2011-01-20 14:12:47 +00:00
make-doc This patch removes the existing UI functionality, as a prep for adding the Javascript based ui. 2010-07-29 10:44:56 -04:00
make-lint Several improvements of the lint script. 2011-05-05 11:54:07 +02:00
make-test Execute /usr/bin/python directly instead of /usr/bin/env python 2011-01-14 16:27:48 -05:00
make-testcert Make data type of certificates more obvious/predictable internally. 2011-06-21 19:09:50 -04:00
makeapi Remove doc from API.txt 2011-05-13 13:06:37 +02:00
Makefile Multi-process build problems 2011-06-19 20:28:51 -04:00
MANIFEST.in Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
README Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
setup-client.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
setup.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
TODO Updated TODO based on discussion between Rob, Pavel, and Jason; put TODO in reStructuredText style formatting 2009-05-19 09:55:34 -04:00
VERSION Set VERSION to 2.99.0 on the 3.0 development branch 2011-08-18 16:59:20 -04:00
version.m4.in Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00

README 

                               IPA Server

  What is it?
  -----------

  For efficiency, compliance and risk mitigation, organizations need to
  centrally manage and correlate vital security information including:

    * Identity (machine, user, virtual machines, groups, authentication
      credentials)
    * Policy (configuration settings, access control information)
    * Audit (events, logs, analysis thereof) 

  Since these are not new problems. there exist many approaches and
  products focused on addressing them. However, these tend to have the
  following weaknesses:

    * Focus on solving identity management across the enterprise has meant
      less focus on policy and audit.
    * Vendor focus on Web identity management problems has meant less well
      developed solutions for central management of the Linux and Unix
      world's vital security info. Organizations are forced to maintain
      a hodgepodge of internal and proprietary solutions at high TCO.
    * Proprietary security products don't easily provide access to the
      vital security information they collect or manage. This makes it
      difficult to synchronize and analyze effectively. 

  The Latest Version
  ------------------

  Details of the latest version can be found on the IPA server project
  page under <http://www.freeipa.org/>.

  Documentation
  -------------

  The most up-to-date documentation can be found at
  <http://freeipa.org/page/Documentation/>.

  Quick Start
  -----------

  To get started quickly, start here:
  <https://fedorahosted.org/freeipa/wiki/QuickStartGuide>

  Licensing
  ---------

  Please see the file called COPYING.

  Contacts
  --------

     * If you want to be informed about new code releases, bug fixes,
       security fixes, general news and information about the IPA server
       subscribe to the freeipa-announce mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-interest/>.

     * If you have a bug report please submit it at:
       <https://bugzilla.redhat.com>

     * If you want to participate in actively developing IPA please
       subscribe to the freeipa-devel mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-devel/> or join
       us in IRC at irc://irc.freenode.net/freeipa