freeipa

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Files

Rob Crittenden ecc08e3983 Use AES-128-CBC for PKCS#12 encryption when creating files (FIPS)

A PKCS#12 file is generated from a set of input files in various
formats. This file is then used to provide the public and private
keys and certificate chain fro importing into an NSS database.

In order to work in FIPS mode stronger encryption is required.

The default OpenSSL certificate algo is 40-bit RC2 which is not
allowed in FIPS mode. The default private key algo is 3DES.
Use AES-128 instead for both.

Fixes: https://pagure.io/freeipa/issue/7948

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>

2019-05-14 12:46:56 -04:00

install

Py3: Remove subclassing from object

2018-09-27 11:49:04 +02:00

__init__.py

Rename ipa-python directory to ipapython so it is a real python library

2009-02-09 14:35:15 -05:00

admintool.py

pylint 2.2: Fix unnecessary pass statement

2018-11-26 16:54:43 +01:00

certdb.py

Use AES-128-CBC for PKCS#12 encryption when creating files (FIPS)

2019-05-14 12:46:56 -04:00

config.py

Py3: Replace six.moves imports

2018-10-05 12:06:19 +02:00

cookie.py

Py3: Replace six.moves imports

2018-10-05 12:06:19 +02:00

directivesetter.py

Py3: Replace six.text_type with str

2018-09-27 16:11:18 +02:00

dn_ctypes.py

Load libldap_r-*.so.2

2019-05-14 12:27:55 +02:00

dn.py

Make python-ldap optional for PyPI packages

2019-04-26 12:53:23 +02:00

dnsutil.py

Py3: Replace six.string_types with str

2018-09-27 16:11:18 +02:00

dogtag.py

Send only the path and not the full URI to httplib.request

2019-03-19 11:00:43 -04:00

errors.py

Replace StandardError with Exception

2015-09-30 10:51:36 +02:00

graph.py

Py3: Remove subclassing from object

2018-09-27 11:49:04 +02:00

ipa_log_manager.py

Remove deprecated object logger

2019-04-23 12:55:35 +02:00

ipaldap.py

Revert "Require a minimum SASL security factor of 56"

2019-05-02 11:39:23 +02:00

ipautil.py

Make netifaces optional

2019-04-09 11:28:37 +02:00

ipavalidate.py

Change FreeIPA license to GPLv3+

2010-12-20 17:19:53 -05:00

kerberos.py

Py3: Replace six.bytes_type with bytes

2018-09-27 16:11:18 +02:00

kernel_keyring.py

Don't configure KEYRING ccache in containers

2019-01-18 11:33:11 +01:00

Makefile.am

ipapython: fix DEFAULT_PLUGINS in version.py

2017-03-09 18:39:48 +01:00

nsslib.py

Remove ipapython.nsslib as it is not used anymore

2017-03-01 09:43:41 +00:00

README

Replace DNS client based on acutil with python-dns

2012-05-24 13:55:56 +02:00

session_storage.py

Fix pylint warnings inconsistent-return-statements

2017-12-18 11:51:14 +01:00

setup.cfg

Port all setup.py to setuptools

2016-10-20 18:43:37 +02:00

setup.py

Make python-ldap optional for PyPI packages

2019-04-26 12:53:23 +02:00

ssh.py

Py3: Remove subclassing from object

2018-09-27 11:49:04 +02:00

version.py.in

ipapython: fix DEFAULT_PLUGINS in version.py

2017-03-09 18:39:48 +01:00

README

This is a set of libraries common to IPA clients and servers though mostly
geared currently towards command-line tools.

A brief overview:

config.py - identify the IPA server domain and realm. It uses python-dns to
            try to detect this information first and will fall back to
            /etc/ipa/default.conf if that fails.

ipautil.py - helper functions

entity.py - entity is the main data type. User and Group extend this class
            (but don't add anything currently).

ipavalidate.py - basic data validation routines