freeipa/ipaserver/secrets
Simo Sorce 1f9f84a66d
Make sure remote hosts have our keys
In complex replication setups a replica may try to obtain CA keys from a
host that is not the master we initially create the keys against.
In this case race conditions may happen due to replication. So we need
to make sure the server we are contacting to get the CA keys has our
keys in LDAP. We do this by waiting to positively fetch our encryption
public key (the last one we create) from the target host LDAP server.

Fixes: https://pagure.io/freeipa/issue/6838

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-05-03 16:37:21 +02:00
..
__init__.py ipapython: move dnssec, p11helper and secrets to ipaserver 2016-11-29 14:50:51 +01:00
client.py added ssl verification using IPA trust anchor 2017-02-27 07:53:05 +00:00
common.py py3: custodia: basedn must be unicode 2017-02-10 14:03:04 +01:00
kem.py Make sure remote hosts have our keys 2017-05-03 16:37:21 +02:00
service.py Use Custodia 0.3.1 features 2017-03-28 15:02:06 +02:00
store.py Fix replica with --setup-ca issues 2017-03-01 13:39:44 +00:00