IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-28 01:41:14 -06:00
Code Issues Packages Projects Releases Wiki Activity
3e1dc6b74f
freeipa/install/tools
History
Simo Sorce 345fc79f03 pkinit-replica: create certificates for replicas too 
altough the kdc certificate name is not tied to the fqdn we create separate
certs for each KDC so that renewal of each of them is done separately.
2010-11-18 15:09:57 -05:00
..
man Use Realm as certs subject base name 2010-11-18 15:09:31 -05:00
ipa-compat-manage Enable compat plugin by default and configure netgroups 2010-08-19 10:50:07 -04:00
ipa-dns-install Log script options to logfile 2010-11-09 13:28:10 -05:00
ipa-ldap-updater Log script options to logfile 2010-11-09 13:28:10 -05:00
ipa-nis-manage Fix NotFound exception in ipa-nis-manage. 2010-11-09 13:33:04 -05:00
ipa-replica-install pkinit-replica: create certificates for replicas too 2010-11-18 15:09:57 -05:00
ipa-replica-manage Fall back to DM password if GSSAPI fails and make deleting more user-friendly 2010-06-01 09:52:21 -04:00
ipa-replica-prepare pkinit-replica: create certificates for replicas too 2010-11-18 15:09:57 -05:00
ipa-server-certinstall Use Realm as certs subject base name 2010-11-18 15:09:31 -05:00
ipa-server-install Add support for configuring KDC certs for PKINIT 2010-11-18 15:09:36 -05:00
ipa-upgradeconfig Better upgrade detection so we don't print spurious errors 2009-09-15 17:42:36 -04:00
ipactl Have ipactl start named after the KDC, otherwise it will fail. 2010-09-16 13:40:36 -04:00
Makefile.am Remove ipa-fix-CVE-2008-3274, it isn't needed any more. 2010-11-08 14:23:27 -05:00
README Remove some more mod_python references 2010-11-10 17:38:17 -05:00

README 

Required packages:

krb5-server
fedora-ds-base
fedora-ds-base-devel
openldap-clients
openldap-devel
krb5-server-ldap
cyrus-sasl-gssapi
httpd
mod_auth_kerb
ntp
openssl-devel
nspr-devel
nss-devel
mozldap-devel
mod_wsgi
gcc
python-ldap
TurboGears
python-kerberos
python-krbV
python-tgexpandingformwidget
python-pyasn1

Installation example:

TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is
           fixed.

Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/
to patch your init scripts before running ipa-server-install. This tells
FDS where to find its kerberos keytab.

Things done as root are denoted by #. Things done as a unix user are denoted
by %.

# cd freeipa
# patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch

Now to do the installation.

# cd freeipa
# make install

To start an interactive installation use:
# /usr/sbin/ipa-server-install 

For more verbose output add the -d flag run the command with -h to see all options

You have a basic working system with one super administrator (named admin).

To create another administrative user:

% kinit admin@FREEIPA.ORG
% /usr/sbin/ipa-adduser -f Test -l User test
% ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org
% /usr/sbin/ipa-groupmod -a test admins

An admin user is just a regular user in the group admin.

Now you can destroy the old ticket and log in as test:

% kdestroy
% kinit test@FREEIPA.ORG
% /usr/sbin/ipa-finduser test