freeipa/ipaserver/install
Stanislav Levin 5c907e34ae named: Allow using of a custom OpenSSL engine for BIND
For now Debian, Fedora, RHEL, etc. build BIND with 'native PKCS11'
support. Till recently, that was the strict requirement of DNSSEC.
The problem is that this restricts cross-platform features of FreeIPA.

With the help of libp11, which provides `pkcs11` engine plugin for
the OpenSSL library for accessing PKCS11 modules in a semi-
transparent way, FreeIPA could utilize OpenSSL version of BIND.

BIND in turn provides ability to specify the OpenSSL engine on the
command line of `named` and all the BIND `dnssec-*` tools by using
the `-E engine_name`.

Fixes: https://pagure.io/freeipa/issue/8094
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-08-31 09:42:31 +03:00
..
plugins Increase replication changelog trimming to 30 days 2020-08-19 14:02:27 -04:00
server Fall back to old server installation detection when needed 2020-08-18 11:11:26 +02:00
__init__.py Remove __all__ specifications in ipaclient and ipaserver.install 2013-09-06 15:42:33 +02:00
adtrust.py Use api.env.container_sysaccounts 2020-04-28 11:28:29 +02:00
adtrustinstance.py uninstall: Don't fail on missing /var/lib/samba 2020-08-17 10:46:23 +02:00
bindinstance.py named: Allow using of a custom OpenSSL engine for BIND 2020-08-31 09:42:31 +03:00
ca.py move MSCSTemplate classes to ipalib 2019-07-17 17:58:58 +03:00
cainstance.py cainstance: extract function import_ra_key 2020-07-16 15:30:53 +10:00
certs.py Set mode of /etc/ipa/ca.crt to 0644 in CA-less installations 2020-08-06 12:49:51 +02:00
conncheck.py install: introduce installer class hierarchy 2016-11-11 12:17:25 +01:00
custodiainstance.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
dns.py Check for freeipa-server-dns package early 2020-05-15 14:24:00 +02:00
dnskeysyncinstance.py named: Allow using of a custom OpenSSL engine for BIND 2020-08-31 09:42:31 +03:00
dogtag.py Verify pki ini override early 2019-04-10 13:43:23 +02:00
dogtaginstance.py Add ipaplatform for Fedora and RHEL container 2020-07-30 11:38:25 +02:00
dsinstance.py Fix E714 test for object identity should be 'is not' 2020-05-05 10:42:46 +02:00
httpinstance.py pylint: Fix warning and error 2020-08-04 13:47:28 -04:00
installutils.py Use is_ipa_configured from ipalib.facts 2020-08-18 11:11:26 +02:00
ipa_acme_manage.py Use is_ipa_configured from ipalib.facts 2020-08-18 11:11:26 +02:00
ipa_backup.py named: Allow using of a custom OpenSSL engine for BIND 2020-08-31 09:42:31 +03:00
ipa_cacert_manage.py lint: Make Pylint-2.4 happy again 2020-02-12 18:08:32 +02:00
ipa_cert_fix.py Create a common place to retrieve facts about an IPA installation 2020-08-06 14:11:27 +02:00
ipa_crlgen_manage.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
ipa_kra_install.py Fix E722 do not use bare 'except' 2020-05-05 10:42:46 +02:00
ipa_ldap_updater.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
ipa_otptoken_import.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
ipa_pkinit_manage.py PKINIT: fix ipa-pkinit-manage enable|disable 2018-12-05 11:06:21 +01:00
ipa_replica_install.py Enable replica install info logging to match ipa-server-install 2018-11-01 13:08:58 +01:00
ipa_restore.py ipa-backup/restore: remove remaining chdir calls 2020-07-31 17:38:39 -04:00
ipa_server_certinstall.py Move realm_to_serverid/ldap_uri to ipaldap 2019-02-05 08:39:13 -05:00
ipa_server_install.py Improve console logging for ipa-server-install 2018-06-20 08:38:03 +02:00
ipa_server_upgrade.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipa_trust_enable_agent.py ipa-adtrust-install: run remote configuration for new agents 2020-03-05 14:40:58 +01:00
ipa_winsync_migrate.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipactl.py Create a common place to retrieve facts about an IPA installation 2020-08-06 14:11:27 +02:00
kra.py named: Allow using of a custom OpenSSL engine for BIND 2020-08-31 09:42:31 +03:00
krainstance.py Secure AJP connector between Dogtag and Apache proxy 2020-03-11 17:41:17 +01:00
krbinstance.py CAless installation: set the perms on KDC cert file 2020-08-03 18:00:08 -04:00
ldapupdate.py Remove unused support for dm_password arg from ldapupdate.connect 2020-06-07 10:21:01 +03:00
odsexporterinstance.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
opendnssecinstance.py named: Allow using of a custom OpenSSL engine for BIND 2020-08-31 09:42:31 +03:00
otpdinstance.py Enable pylint missing-final-newline check 2015-12-23 07:59:22 +01:00
replication.py Increase replication changelog trimming to 30 days 2020-08-19 14:02:27 -04:00
schemaupdate.py Remove unused support for dm_password arg from ldapupdate.connect 2020-06-07 10:21:01 +03:00
service.py named: Allow using of a custom OpenSSL engine for BIND 2020-08-31 09:42:31 +03:00
sysupgrade.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
upgradeinstance.py Remove unused support for dm_password arg from ldapupdate.connect 2020-06-07 10:21:01 +03:00