freeipa

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-26 08:51:50 -06:00

History

Rob Crittenden 5bf1cee702 Clear kernel keyring in client installer, save dbdir on new connections This patch addresses two issues: 1. If a client is previously enrolled in an IPA server and the server gets re-installed then the client machine may still have a keyring entry for the old server. This can cause a redirect from the session URI to the negotiate one. As a rule, always clear the keyring when enrolling a new client. 2. We save the NSS dbdir in the connection so that when creating a new session we can determine if we need to re-initialize NSS or not. Most of the time we do not. The dbdir was not always being preserved between connections which could cause an NSS_Shutdown() to happen which would fail because of existing usage. This preserves the dbdir information when a new connection is created as part of the session mechanism. https://fedorahosted.org/freeipa/ticket/3108		2012-10-03 19:22:00 +02:00
..
firefox	Change FreeIPA license to GPLv3+	2010-12-20 17:19:53 -05:00
ipa-install	Clear kernel keyring in client installer, save dbdir on new connections	2012-10-03 19:22:00 +02:00
ipaclient	Improve DN usage in ipa-client-install	2012-10-02 13:39:11 +02:00
man	Use Dogtag 10 only when it is available	2012-09-17 18:43:59 -04:00
AUTHORS	Fix build from autoconf patch import.	0001-01-01 00:00:00 +00:00
config.c	Fix coverity issues in client CLI tools	2011-11-23 00:30:41 -05:00
configure.ac	Add configure check for libintl.h	2011-11-16 18:35:19 -05:00
ipa-client-common.c	Change FreeIPA license to GPLv3+	2010-12-20 17:19:53 -05:00
ipa-client-common.h	include <stdint.h> for uintptr_t	2011-09-22 09:42:11 -04:00
ipa-client.spec.in	Fix versioning for configure.ac and ipa-python/setup.py	2008-08-11 18:31:05 -04:00
ipa-getkeytab.c	Move some krb5 keys related functions from ipa-client to util	2012-06-11 12:04:05 +02:00
ipa-join.c	Use indexed format specifiers in i18n strings	2012-04-10 18:07:10 -04:00
ipa-rmkeytab.c	Use indexed format specifiers in i18n strings	2012-04-10 18:07:10 -04:00
Makefile.am	Add configure check for libintl.h	2011-11-16 18:35:19 -05:00
NEWS	Fix build from autoconf patch import.	0001-01-01 00:00:00 +00:00
README	Add a copy of the LICENSE and populate some README's	2008-01-23 10:30:18 -05:00
version.m4.in	Fix versioning for configure.ac and ipa-python/setup.py	2008-08-11 18:31:05 -04:00

README

Code to be installed on any client that wants to be in an IPA domain.

Mostly consists of a tool for Linux systems that will help configure the
client so it will work properly in a kerberized environment.

It also includes several ways to configure Firefox to do single sign-on.

The two methods on the client side are:

1. globalsetup.sh. This modifies the global Firefox installation so that
   any profiles created will be pre-configured.

2. usersetup.sh. This will update a user's existing profile.

The downside of #1 is that an rpm -V will return a failure. It will also
need to be run with every update of Firefox.

One a profile contains the proper preferences it will be unaffected by
upgrades to Firefox. 

The downside of #2 is that every user would need to run this each time they
create a new profile.

There is a third, server-side method. See ipa-server/README for details.