freeipa/install/share
Rob Crittenden beaa0562dc Add support for Random Serial Numbers v3
Dogtag has implemented a new random serial number scheme
they are calling RSNv3.

https://github.com/dogtagpki/pki/wiki/Random-Certificate-Serial-Numbers-v3

Given the known issues reported, this will be supported in IPA for
new installations only.

There is no mixing of random servers and non-random servers
allowed.

Instructions for installing a CA:
https://github.com/dogtagpki/pki/blob/master/docs/installation/ca/Installing-CA-with-Random-Serial-Numbers-v3.adoc

Instructions for installing a KRA:
https://github.com/dogtagpki/pki/blob/master/docs/installation/kra/Installig-KRA-with-Random-Serial-Numbers-v3.adoc

The version of random serial numbers is stored within the CA entry
of the server. It is stored as a version to allow for future upgrades.

If a CA has RSN enabled then any KRA installed will also have it
enabled for its identifiers.

A new attribute, ipaCaRandomSerialNumberVersion, is added to the IPA CA
entry to track the version number in case PKI has future major
revisions. This can also be used to determine if RSN is enabled or not.

Fixes: https://pagure.io/freeipa/issue/2016

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-06-09 08:35:15 +02:00
advise Build: remove incorrect use of MAINTAINERCLEANFILES 2016-11-16 09:12:07 +01:00
profiles Add SHA384withRSA as a certificate signing algorithm 2021-07-09 13:21:00 -04:00
schema.d Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
05rfc2247.ldif Remove references to GPL v2.0 license 2015-02-20 15:40:42 +01:00
15rfc2307bis.ldif Add formerly update-only schema 2013-11-18 16:54:21 +01:00
15rfc4876.ldif Add formerly update-only schema 2013-11-18 16:54:21 +01:00
60basev2.ldif Implement LDAP bind grace period 389-ds plugin 2022-05-30 17:24:22 +03:00
60basev3.ldif LDAP schema: new attribute ipaautoprivategroups 2021-04-19 17:14:23 +02:00
60basev4.ldif external-idp: add LDAP schema, indices and other LDAP objects 2022-05-10 15:52:41 +03:00
60certificate-profiles.ldif Add support for Random Serial Numbers v3 2022-06-09 08:35:15 +02:00
60ipaconfig.ldif Fix oid of ipaUserDefaultSubordinateId 2021-07-09 09:47:30 -04:00
60ipadns.ldif DNS: Support URI resource record type 2016-10-11 16:48:47 +02:00
60ipapk11.ldif DNSSEC: schema 2014-10-21 12:23:03 +02:00
60kerberos.ldif Add Authentication Indicator Kerberos ticket policy options 2019-11-21 11:13:12 -05:00
60samba.ldif Make schema files conform to new updater 2013-11-18 16:54:21 +01:00
61kerberos-ipav3.ldif mark 'ipaKrbPrincipalAlias' attribute as deprecated in schema 2016-06-23 09:48:06 +02:00
65ipacertstore.ldif Add LDAP schema for certificate store. 2014-07-30 16:04:21 +02:00
65ipasudo.ldif Update X-ORIGIN for 4.0 2014-07-01 13:57:06 +02:00
70ipaotp.ldif Revert "Make all ipatokenTOTP attributes mandatory" 2015-01-21 09:20:15 +01:00
70topology.ldif handle multiple managed suffixes 2015-10-15 14:24:33 +02:00
71idviews.ldif idviews: Add user certificate attribute to user ID overrides 2016-05-06 07:12:01 +02:00
72domainlevels.ldif Add Domain Level feature 2015-05-26 11:59:47 +00:00
73certmap.ldif Add altSecurityIdentities attribute from MS-WSPP schema definition 2019-07-17 17:50:07 +03:00
anon-princ-aci.ldif Use Anonymous user to obtain FAST armor ccache 2017-02-15 07:13:37 +01:00
automember.ldif 34 Create FreeIPA CLI Plugin for the 389 Auto Membership plugin 2011-08-31 09:49:43 +02:00
bind.ipa-ext.conf.template Overhaul bind upgrade process 2020-06-10 16:07:07 +02:00
bind.ipa-logging-ext.conf.template BIND: Setup logging 2021-05-25 10:45:49 +03:00
bind.ipa-options-ext.conf.template Overhaul bind upgrade process 2020-06-10 16:07:07 +02:00
bind.named.conf.template LDAP autobind authenticateAsDN for BIND named 2021-06-15 14:13:16 +03:00
bind.openssl.cnf.template named: Allow using of a custom OpenSSL engine for BIND 2020-08-31 09:42:31 +03:00
bind.openssl.cryptopolicy.cnf.template named: Include crypto policy in openssl config 2020-08-31 09:42:31 +03:00
bootstrap-template.ldif Fix ipa-server-upgrade 2021-07-09 09:47:30 -04:00
ca-topology.uldif Revert "upgrade: add replica bind DN group check interval to CA topology config" 2016-12-09 15:47:13 +01:00
certmap.conf.template Define template version in certmap.conf 2017-03-01 12:46:50 +01:00
custodia.conf.template Fix Custodia imports 2021-06-16 10:28:17 -04:00
default-aci.ldif Add group membership management 2019-11-11 09:31:14 +01:00
default-hbac.ldif Fix systemd-user HBAC rule 2019-01-15 14:29:22 -05:00
default-smb-group.ldif Change DNA magic value to -1 to make UID 999 usable 2013-03-11 17:07:07 +01:00
default-trust-view.ldif idviews: Add Default Trust View as part of adtrustinstall 2014-09-30 10:42:06 +02:00
delegation.ldif external-idp: add LDAP schema, indices and other LDAP objects 2022-05-10 15:52:41 +03:00
dna.ldif Use 389-DS' dnaInterval setting to assign intervals 2021-07-09 09:47:30 -04:00
dns.ldif Allow hosts to read DNS records for IP SAN 2020-03-16 13:04:17 +01:00
dnssec.ldif DNSSEC: DNS key synchronization daemon 2014-10-21 12:23:03 +02:00
domainlevel.ldif Add Domain Level feature 2015-05-26 11:59:47 +00:00
ds-ipa-env.conf.template Set client keytab location for 389ds 2021-01-13 21:31:31 +02:00
ds-nfiles.ldif Autotune directory server to use a greater number of files 2010-11-22 12:42:16 -05:00
entryusn.ldif Address entryusn initialization on replica installation 2011-01-28 13:58:43 -05:00
freeipa-server.template Add a skeleton kdcpolicy plugin 2019-09-10 12:33:21 +03:00
gssapi.login Change session handling 2017-02-15 07:13:37 +01:00
gssproxy.conf.template gssproxy: Don't refresh expired delegated credentials 2021-06-12 11:19:25 +03:00
host_nis_groups.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
ipa-httpd-wsgi.conf.template Replace wsgi package conflict with config file 2018-02-09 08:28:11 +01:00
ipa-httpd.conf.template Require UTF-8 fs encoding 2017-11-21 16:13:28 +01:00
ipa-kdc-proxy.conf.template Better mod_wsgi configuration 2021-04-07 11:43:23 +03:00
ipa-pki-proxy.conf.template ipa-pki-proxy.conf: provide access to /kra/admin/kra/getStatus 2022-01-31 18:14:22 -05:00
ipa-rewrite.conf.template Allow Apache to answer to ipa-ca requests without a redirect 2020-12-02 14:05:36 +02:00
ipa.conf.template Better mod_wsgi configuration 2021-04-07 11:43:23 +03:00
ipaca_customize.ini Add support for Random Serial Numbers v3 2022-06-09 08:35:15 +02:00
ipaca_default.ini Remove deprecation warning when installing a CA replica 2022-01-14 17:24:58 +01:00
ipaca_softhsm2.ini Add pki.ini override option 2019-04-10 13:43:23 +02:00
ipakrb5.aug install: introduce generic Kerberos Augeas lens 2017-05-19 12:31:24 +02:00
kdc_extensions.template Add support for configuring KDC certs for PKINIT 2010-11-18 15:09:36 -05:00
kdc_req.conf.template Add support for configuring KDC certs for PKINIT 2010-11-18 15:09:36 -05:00
kdc.conf.template KRB instance: make provision to work with crypto policy without SHA-1 HMAC types 2022-03-08 12:54:47 +01:00
kdcproxy-disable.uldif Provide Kerberos over HTTP (MS-KKDCP) 2015-06-24 10:43:58 +02:00
kdcproxy-enable.uldif Provide Kerberos over HTTP (MS-KKDCP) 2015-06-24 10:43:58 +02:00
kdcproxy.conf Provide Kerberos over HTTP (MS-KKDCP) 2015-06-24 10:43:58 +02:00
kdcproxy.wsgi Replace hard-coded kdcproxy path with WSGI script 2017-04-12 13:05:23 +02:00
kerberos.ldif Set default LDAP password grace period to -1 2022-06-06 11:24:21 -04:00
krb5.conf.template krb5: Pin kpasswd server to a primary one 2021-09-15 10:16:54 +02:00
krb5.ini.template Set master_kdc and dns_lookup_kdc to true 2012-09-19 20:47:12 -04:00
krb.con.template Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
krbrealm.con.template Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
ldbm-tuning.ldif Fix nsslapd-db-lock tuning of BDB backend 2020-09-24 17:03:00 +02:00
Makefile.am Add basic support for subordinate user/group ids 2021-07-09 09:47:30 -04:00
managed-entries.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
master-entry.ldif Add Domain Level feature 2015-05-26 11:59:47 +00:00
memberof-conf.ldif Redesign subid feature 2021-07-09 09:47:30 -04:00
memberof-task.ldif Wait for memberof task and DS to start before proceeding in installation. 2011-04-22 11:43:50 +02:00
memcache-remove.uldif Change session handling 2017-02-15 07:13:37 +01:00
modrdn-krbprinc.ldif add krbCanonicalName to attributes watched by MODRDN plugin 2016-06-23 09:48:06 +02:00
nis-update.uldif Upgrade: Fix upgrade of NIS Server configuration 2016-01-11 09:45:54 +01:00
nis.uldif Enable transactions by default, make password and modrdn TXN-aware 2012-11-21 14:55:12 +01:00
opendnssec_conf.template Remove the <Interval> from opendnssec conf 2020-03-12 21:48:25 +01:00
opendnssec_kasp.template DNSSEC: update OpenDNSSEC KASP configuration 2015-05-19 12:50:56 +00:00
pki-acme-configsources.conf.template Add versions to the ACME config templates and update on upgrade 2021-02-15 09:57:07 +02:00
pki-acme-database.conf.template Add versions to the ACME config templates and update on upgrade 2021-02-15 09:57:07 +02:00
pki-acme-engine.conf.template Add versions to the ACME config templates and update on upgrade 2021-02-15 09:57:07 +02:00
pki-acme-issuer.conf.template Add versions to the ACME config templates and update on upgrade 2021-02-15 09:57:07 +02:00
pki-acme-realm.conf.template Add versions to the ACME config templates and update on upgrade 2021-02-15 09:57:07 +02:00
pw-logging-conf.ldif Switch nsslapd-unhashed-pw-switch to nolog 2019-05-24 12:42:51 +02:00
referint-conf.ldif Update referential integrity config for DS 1.3.3 2014-09-12 17:42:08 +02:00
replica-acis.ldif Update ACIs with the correct syntax 2020-05-04 20:49:23 +02:00
replica-automember.ldif 34 Create FreeIPA CLI Plugin for the 389 Auto Membership plugin 2011-08-31 09:49:43 +02:00
replica-prevent-time-skew.ldif ds: ignore time skew during initial replication step 2017-10-19 17:48:58 +03:00
repoint-managed-entries.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
sasl-mapping-fallback.ldif Enable SASL mapping fallback. 2013-06-27 17:06:51 +02:00
schema-update.ldif Fix nsslapdPlugin object class after initial replication. 2013-09-10 09:49:43 +02:00
smb.conf.empty Add trust management for Active Directory trusts 2012-06-07 09:39:09 +02:00
smb.conf.registry.template SMB: switch IPA domain controller role 2021-11-10 15:00:27 -05:00
smb.conf.template Write state dir to smb.conf 2020-07-30 11:38:25 +02:00
sudobind.ldif Create default disabled sudo bind user 2011-02-23 15:32:24 -05:00
topology-entries.ldif rename topology suffixes to "domain" and "ca" 2015-12-04 12:59:21 +01:00
unique-attributes.ldif Server Upgrade: Fix uniqueness plugins 2015-05-19 12:45:41 +00:00
user_private_groups.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
uuid.ldif DNSSEC: DNS key synchronization daemon 2014-10-21 12:23:03 +02:00
vault.ldif install: support KRA update 2015-09-17 14:55:54 +02:00
wsgi.py Improve wsgi app loading 2021-04-07 11:43:23 +03:00