freeipa/ipa-client
Rob Crittenden 2f4f9054aa Enable a host to retrieve a keytab for all its services.
Using the host service principal one should be able to retrieve a keytab
for other services for the host using ipa-getkeytab. This required a number
of changes:

- allow hosts in the service's managedby to write krbPrincipalKey
- automatically add the host to managedby when a service is created
- fix ipa-getkeytab to return the entire prinicpal and not just the
  first data element. It was returning "host" from the service tgt
  and not host/ipa.example.com
- fix the display of the managedby attribute in the service plugin

This led to a number of changes in the service unit tests. I took the
opportunity to switch to the Declarative scheme and tripled the number
of tests we were doing. This shed some light on a few bugs in the plugin:

- if a service had a bad usercertificate it was impossible to delete the
  service. I made it a bit more flexible.
- I added a summary for the mod and find commands
- has_keytab wasn't being set in the find output

ticket 68
2010-08-16 17:13:56 -04:00
..
firefox Set the license uniformly to GPLv2 only. 2008-02-04 15:15:52 -05:00
ipa-install Retrieve the CA certificate before starting enrollment. 2010-06-21 09:52:15 -04:00
ipaclient Better LDAP error handling in ipa-client-install 2009-12-01 09:52:14 -07:00
man Call certmonger after krb5, avoid uninstall errors, better password handling. 2010-05-06 09:05:30 -06:00
AUTHORS Fix build from autoconf patch import. 0001-01-01 00:00:00 +00:00
config.c Fix a crash and memory leak in get_config_entry() 2010-02-16 10:42:45 -05:00
configure.ac Drop --with-openldap option in the client. This is no longer optional. 2010-06-21 09:52:11 -04:00
ipa-client.spec.in Fix versioning for configure.ac and ipa-python/setup.py 2008-08-11 18:31:05 -04:00
ipa-getkeytab.c Enable a host to retrieve a keytab for all its services. 2010-08-16 17:13:56 -04:00
ipa-join.c Initialize XML-RPC structures to fix issues uncovered by MALLOC_PERTURB_ 2010-05-06 09:04:49 -06:00
ipa-rmkeytab.c Add the popt auto-help/usage macro for enhanced help output. 2010-03-02 18:20:13 -05:00
Makefile.am A utility for removing principals from a keytab. 2009-12-04 16:29:09 -05:00
NEWS Fix build from autoconf patch import. 0001-01-01 00:00:00 +00:00
README Add a copy of the LICENSE and populate some README's 2008-01-23 10:30:18 -05:00
version.m4.in Fix versioning for configure.ac and ipa-python/setup.py 2008-08-11 18:31:05 -04:00

Code to be installed on any client that wants to be in an IPA domain.

Mostly consists of a tool for Linux systems that will help configure the
client so it will work properly in a kerberized environment.

It also includes several ways to configure Firefox to do single sign-on.

The two methods on the client side are:

1. globalsetup.sh. This modifies the global Firefox installation so that
   any profiles created will be pre-configured.

2. usersetup.sh. This will update a user's existing profile.

The downside of #1 is that an rpm -V will return a failure. It will also
need to be run with every update of Firefox.

One a profile contains the proper preferences it will be unaffected by
upgrades to Firefox. 

The downside of #2 is that every user would need to run this each time they
create a new profile.

There is a third, server-side method. See ipa-server/README for details.