mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
d0587cbdd5
This will create a host service principal and may create a host entry (for admins). A keytab will be generated, by default in /etc/krb5.keytab If no kerberos credentails are available then enrollment over LDAPS is used if a password is provided. This change requires that openldap be used as our C LDAP client. It is much easier to do SSL using openldap than mozldap (no certdb required). Otherwise we'd have to write a slew of extra code to create a temporary cert database, import the CA cert, ... |
||
|---|---|---|
| .. | ||
| firefox | ||
| ipa-install | ||
| ipaclient | ||
| man | ||
| AUTHORS | ||
| config.c | ||
| configure.ac | ||
| ipa-client.spec.in | ||
| ipa-getkeytab.c | ||
| ipa-join.c | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
| version.m4.in | ||
Code to be installed on any client that wants to be in an IPA domain. Mostly consists of a tool for Linux systems that will help configure the client so it will work properly in a kerberized environment. It also includes several ways to configure Firefox to do single sign-on. The two methods on the client side are: 1. globalsetup.sh. This modifies the global Firefox installation so that any profiles created will be pre-configured. 2. usersetup.sh. This will update a user's existing profile. The downside of #1 is that an rpm -V will return a failure. It will also need to be run with every update of Firefox. One a profile contains the proper preferences it will be unaffected by upgrades to Firefox. The downside of #2 is that every user would need to run this each time they create a new profile. There is a third, server-side method. See ipa-server/README for details.