mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
d5aa1ee04e
One-way trust is the default now, use 'trust add --two-way ' to force bidirectional trust https://fedorahosted.org/freeipa/ticket/4959 In case of one-way trust we cannot authenticate using cross-realm TGT against an AD DC. We have to use trusted domain object from within AD domain and access to this object is limited to avoid compromising the whole trust configuration. Instead, IPA framework can call out to oddjob daemon and ask it to run the script which can have access to the TDO object. This script (com.redhat.idm.trust-fetch-domains) is using cifs/ipa.master principal to retrieve TDO object credentials from IPA LDAP if needed and then authenticate against AD DCs using the TDO object credentials. The script pulls the trust topology out of AD DCs and updates IPA LDAP store. Then IPA framework can pick the updated data from the IPA LDAP under normal access conditions. Part of https://fedorahosted.org/freeipa/ticket/4546 Reviewed-By: Tomas Babej <tbabej@redhat.com>
95 lines
4.6 KiB
Plaintext
95 lines
4.6 KiB
Plaintext
########################################################
|
|
# freeIPA Version #
|
|
# #
|
|
# freeIPA versions are as follows #
|
|
# 1.0.x New production series #
|
|
# 1.0.x{alpha,beta,rc}y Alpha/Preview/Testing, Beta, #
|
|
# Release Candidate #
|
|
# 1.0.0GITabcdefg Build from GIT #
|
|
# #
|
|
########################################################
|
|
|
|
########################################################
|
|
# This are the main version numbers #
|
|
# #
|
|
# <MAJOR>.<MINOR>.<RELEASE> #
|
|
# #
|
|
# e.g. IPA_VERSION_MAJOR=1 #
|
|
# IPA_VERSION_MINOR=0 #
|
|
# IPA_VERSION_RELEASE=0 #
|
|
# -> "1.0.0" #
|
|
########################################################
|
|
IPA_VERSION_MAJOR=4
|
|
IPA_VERSION_MINOR=2
|
|
IPA_VERSION_RELEASE=0
|
|
|
|
########################################################
|
|
# For 'alpha' releases the version will be #
|
|
# #
|
|
# <MAJOR>.<MINOR>.<RELEASE>alpha<ALPHA_RELEASE> #
|
|
# #
|
|
# e.g. IPA_VERSION_ALPHA_RELEASE=1 #
|
|
# -> "1.0.0alpha1" #
|
|
########################################################
|
|
IPA_VERSION_ALPHA_RELEASE=1
|
|
|
|
########################################################
|
|
# For 'beta' releases the version will be #
|
|
# #
|
|
# <MAJOR>.<MINOR>.<RELEASE>beta<BETA_RELEASE> #
|
|
# #
|
|
# e.g. IPA_VERSION_BETA_RELEASE=1 #
|
|
# -> "1.0.0beta1" #
|
|
########################################################
|
|
IPA_VERSION_BETA_RELEASE=
|
|
|
|
########################################################
|
|
# For 'rc' releases the version will be #
|
|
# #
|
|
# <MAJOR>.<MINOR>.<RELEASE>rc<RC_RELEASE> #
|
|
# #
|
|
# e.g. IPA_VERSION_RC_RELEASE=1 #
|
|
# -> "1.0.0rc1" #
|
|
########################################################
|
|
IPA_VERSION_RC_RELEASE=
|
|
|
|
########################################################
|
|
# To mark GIT snapshots this should be set to 'yes' #
|
|
# in the development BRANCH, and set to 'no' only in #
|
|
# the IPA_X_X_RELEASE BRANCH #
|
|
# #
|
|
# <MAJOR>.<MINOR>.<RELEASE>GITxxx #
|
|
# #
|
|
# e.g. IPA_VERSION_IS_SVN_SNAPSHOT=yes #
|
|
# -> "1.0.0GITabcdefg" #
|
|
########################################################
|
|
IPA_VERSION_IS_GIT_SNAPSHOT="yes"
|
|
|
|
########################################################
|
|
# The version of IPA data. This is used to identify #
|
|
# incompatibilities in data that could cause issues #
|
|
# with replication. If the built-in versions don't #
|
|
# match exactly then replication will fail. #
|
|
# #
|
|
# The format is %Y%m%d%H%M%S #
|
|
# #
|
|
# e.g. IPA_DATA_VERSION=`date +%Y%m%d%H%M%S` #
|
|
# -> "20100614120000" #
|
|
########################################################
|
|
IPA_DATA_VERSION=20100614120000
|
|
|
|
########################################################
|
|
# The version of the IPA API. This controls which #
|
|
# client versions can use the XML-RPC and json APIs #
|
|
# #
|
|
# A change to existing API requires a MAJOR version #
|
|
# update. The addition of new API bumps the MINOR #
|
|
# version. #
|
|
# #
|
|
# The format is a whole number #
|
|
# #
|
|
########################################################
|
|
IPA_API_VERSION_MAJOR=2
|
|
IPA_API_VERSION_MINOR=144
|
|
# Last change: ab - trusts: add support for one-way trust and switch to it by default
|