mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
6b6c1879c5
hsm_validator was validating that the token was available but not that the provided password worked. Add that capability. Also call it early in the CA and KRA installation cycle so that it errors out early. This is particularly important for the KRA because there is no uninstaller. Bump the minimum PKI release to 11.5.0 as that contains important fixes for the HSM. Remove an unused arguments to hsm_version and hsm_validator. Related: https://pagure.io/freeipa/issue/9273 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>