IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
13,113 Commits 11 Branches 60 Tags 60 MiB
Python 75.7%
JavaScript 10.9%
C 10.8%
Roff 1.1%
Makefile 0.4%
Other 1.1%
6c9fcccfbc
Go to file
Alexander Bokovoy 6c9fcccfbc trust-fetch-domains: make sure we use right KDC when --server is specified 
Since we are authenticating against AD DC before talking to it (by using
trusted domain object's credentials), we need to override krb5.conf
configuration in case --server option is specified.

The context is a helper which is launched out of process with the help
of oddjobd. The helper takes existing trusted domain object, uses its
credentials to authenticate and then runs LSA RPC calls against that
trusted domain's domain controller. Previous code directed Samba
bindings to use the correct domain controller. However, if a DC visible
to MIT Kerberos is not reachable, we would not be able to obtain TGT and
the whole process will fail.

trust_add.execute() was calling out to the D-Bus helper without passing
the options (e.g. --server) so there was no chance to get that option
visible by the oddjob helper.

Also we need to make errors in the oddjob helper more visible to
error_log. Thus, move error reporting for a normal communication up from
the exception catching.

Resolves: https://pagure.io/freeipa/issue/7895
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
2019-06-28 13:30:59 +02:00
asn1 fix minor spelling mistakes 2017-05-19 09:52:46 +02:00
client Introduce minimal ipa-client-automount.in and ipactl.in 2019-06-28 10:53:07 +02:00
contrib Update mod_nss cipher list so there is overlap with a 4.x master 2019-02-04 09:12:29 +01:00
daemons adtrust upgrade: fix wrong primary principal name 2019-06-26 10:50:45 +02:00
doc adtrust upgrade: fix wrong primary principal name 2019-06-26 10:50:45 +02:00
init Move ipa's systemd tmpfiles from /var/run to /run 2018-10-15 10:04:33 +02:00
install trust-fetch-domains: make sure we use right KDC when --server is specified 2019-06-28 13:30:59 +02:00
ipaclient ipa_client_automount.py and ipactl.py: fix codestyle 2019-06-28 10:53:07 +02:00
ipalib Handle missing LWCA certificate or chain 2019-06-18 10:36:24 +10:00
ipaplatform Make use of the single configuration point for the default shells 2019-06-19 11:39:51 +02:00
ipapython admintool: don't display log file on errors unless logging is setup 2019-06-11 19:42:50 +02:00
ipaserver trust-fetch-domains: make sure we use right KDC when --server is specified 2019-06-28 13:30:59 +02:00
ipatests test_nfs.py: change pr-ci configuration to run on master_2repl_1client 2019-06-27 19:49:50 +02:00
po Update translations from Zanata 2019-04-24 09:47:31 +02:00
pypi Cleanup shebang and executable bit 2018-07-05 19:46:42 +02:00
util Compile IPA modules with C11 extensions 2019-02-07 12:33:45 +01:00
.freeipa-pr-ci.yaml Making nigthly test definition editable by FreeIPA's contributors 2018-07-27 09:50:06 +02:00
.git-commit-template git-commit-template: update ticket url to use pagure.io instead of fedorahosted.org 2017-03-28 13:10:08 +02:00
.gitignore .gitignore: add ipa-cert-fix program 2019-06-11 15:52:06 +10:00
.lgtm.yml Improve Python configuration for LGTM 2018-10-26 18:04:23 +02:00
.mailmap Update mailmap 2019-04-24 09:47:31 +02:00
.test_runner_config.yaml Enable firewall in the tests for PR CI 2019-01-11 20:01:54 +01:00
.tox-install.sh Resolve tox substitutions to absolute paths 2019-06-16 20:32:31 +03:00
.travis_run_task.sh Make pycodestyle results identical 2019-05-28 10:01:23 +03:00
.travis.yml Remove Python 2 support and packages 2018-09-06 17:39:00 +02:00
.wheelconstraints.in Use pylint 1.7.5 with fix for bad python3 import 2017-12-19 13:28:06 +01:00
ACI.txt Add knob to limit hostname length 2019-05-16 14:38:43 -04:00
API.txt Add knob to limit hostname length 2019-05-16 14:38:43 -04:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
BUILD.txt Update builddep command in BUILD.txt 2018-07-17 16:52:31 +02:00
CODE_OF_CONDUCT.md Changing Django's CoC to reflect FreeIPA CoC 2018-03-26 09:51:25 +02:00
configure.ac Increase default debug level of certmonger 2019-06-24 10:00:37 +02:00
Contributors.txt Update list of contributors and sort them alphabetically 2019-04-24 09:47:31 +02:00
COPYING Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
COPYING.openssl Add a clear OpenSSL exception. 2015-02-23 16:25:54 +01:00
freeipa.doap.rdf Adding modified DOAP file 2018-06-22 11:02:40 -04:00
freeipa.spec.in Increase default debug level of certmonger 2019-06-24 10:00:37 +02:00
ipa.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
ipasetup.py.in Address inconsistent-return-statements 2018-11-13 13:37:58 +01:00
make-doc Make an ipa-tests package 2013-06-17 19:22:50 +02:00
make-test Use pytest conftest.py and drop pytest.ini 2017-01-05 17:37:02 +01:00
makeaci.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
makeapi.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
Makefile.am Add missing deps for make pylint 2019-04-24 08:10:45 +02:00
Makefile.python.am Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb 2017-03-15 13:48:23 +01:00
Makefile.pythonscripts.am Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
makerpms.sh Fix unnecessary usrmerge assumptions 2019-04-17 13:56:05 +02:00
pylint_plugins.py constants: add ca_renewal container 2019-05-29 12:49:27 +10:00
pylintrc Forbid imports of ipaserver and install packages 2019-05-16 13:20:38 +02:00
README.md README: Update link to freeipa-devel archive 2019-03-20 17:32:43 +01:00
server.m4 Correcting detect typo in server.m4 2018-04-05 11:25:01 +02:00
tox.ini Make python-ldap optional for PyPI packages 2019-04-26 12:53:23 +02:00
VERSION.m4 Bump release number to 4.7.91 2019-06-17 14:31:12 +10:00
zanata.xml Zanata: exlude testing ipa.pot file 2016-11-21 14:47:47 +01:00

README.md

FreeIPA Server

FreeIPA allows Linux administrators to centrally manage identity, authentication and access control aspects of Linux and UNIX systems by providing simple to install and use command line and web based management tools.

FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.

FreeIPA can seamlessly integrate into an Active Directory environment via cross-realm Kerberos trust or user synchronization.

Benefits

FreeIPA:

  • Allows all your users to access all the machines with the same credentials and security settings
  • Allows users to access personal files transparently from any machine in an authenticated and secure way
  • Uses an advanced grouping mechanism to restrict network access to services and files only to specific users
  • Allows central management of security mechanisms like passwords, SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
  • Enables delegation of selected administrative tasks to other power users
  • Integrates into Active Directory environments

Components

The FreeIPA project provides unified installation and management tools for the following components:

Project Website

Releases, announcements and other information can be found on the IPA server project page at http://www.freeipa.org/ .

Documentation

The most up-to-date documentation can be found at http://freeipa.org/page/Documentation .

Quick Start

To get started quickly, start here: http://www.freeipa.org/page/Quick_Start_Guide

For developers

Licensing

Please see the file called COPYING.

Contacts