freeipa/ipapython
Martin Kosek 74ebd0fd75 Move CRL publish directory to IPA owned directory
Currently, CRL files are being exported to /var/lib/pki-ca
sub-directory, which is then served by httpd to clients. However,
this approach has several disadvantages:
 * We depend on pki-ca directory structure and relevant permissions.
   If pki-ca changes directory structure or permissions on upgrade,
   IPA may break. This is also a root cause of the latest error, where
   the pki-ca directory does not have X permission for others and CRL
   publishing by httpd breaks.
 * Since the directory is not static and is generated during
   ipa-server-install, RPM upgrade of IPA packages reports errors when
   defining SELinux policy for these directories.

Move CRL publish directory to /var/lib/ipa/pki-ca/publish (common for
both dogtag 9 and 10) which is created on RPM upgrade, i.e. SELinux policy
configuration does not report any error. The new CRL publish directory
is used for both new IPA installs and upgrades, where contents of
the directory (CRLs) are first migrated to the new location and then the
actual configuration change is made.

https://fedorahosted.org/freeipa/ticket/3144
2012-10-09 16:00:01 +02:00
platform Wait for secure Dogtag ports when starting the pki services 2012-10-03 17:38:42 +02:00
py_default_encoding Check for Python.h during build of py_default_encoding extension 2011-11-16 18:34:16 -05:00
test Fix failed tests. API for utcoffset changed and strings are more robust. 2011-01-24 14:34:38 -05:00
__init__.py Rename ipa-python directory to ipapython so it is a real python library 2009-02-09 14:35:15 -05:00
admintool.py Ticket #2850 - Ipactl exception not handled well 2012-08-27 15:30:28 +02:00
certdb.py Move the compat module from ipalib to ipapython. 2012-02-13 22:22:49 -05:00
certmonger.py Use Dogtag 10 only when it is available 2012-09-17 18:43:59 -04:00
compat.py Move the compat module from ipalib to ipapython. 2012-02-13 22:22:49 -05:00
config.py Fix winsync agreements creation 2012-08-12 23:26:16 -04:00
dn.py Ticket #3008: DN objects hash differently depending on case 2012-08-22 17:23:12 +03:00
dogtag.py Move CRL publish directory to IPA owned directory 2012-10-09 16:00:01 +02:00
entity.py Use DN objects instead of strings 2012-08-12 16:23:24 -04:00
ipa_log_manager.py Use DN objects instead of strings 2012-08-12 16:23:24 -04:00
ipa.conf Rename ipa-python directory to ipapython so it is a real python library 2009-02-09 14:35:15 -05:00
ipautil.py Improve DN usage in ipa-client-install 2012-10-02 13:39:11 +02:00
ipavalidate.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
kernel_keyring.py Store session cookie in ccache for cli users 2012-06-14 14:02:26 +02:00
log_manager.py Fix various typos. 2012-09-18 08:45:28 +02:00
Makefile Introduce platform-specific adaptation for services used by FreeIPA. 2011-09-13 11:25:58 +02:00
MANIFEST.in Rename ipa-python directory to ipapython so it is a real python library 2009-02-09 14:35:15 -05:00
nsslib.py Improve address family handling in sockets 2012-07-13 14:25:18 +02:00
README Replace DNS client based on acutil with python-dns 2012-05-24 13:55:56 +02:00
services.py.in If SELinux is enabled ensure we also have restorecon. 2012-05-31 14:07:05 +02:00
setup.py.in Introduce platform-specific adaptation for services used by FreeIPA. 2011-09-13 11:25:58 +02:00
ssh.py SSHPublicKey.fingerprint_dns_sha1 should return unicode value. 2012-09-20 10:44:28 +02:00
sysrestore.py Improves sssd.conf handling during ipa-client uninstall 2012-09-20 16:57:13 +02:00
version.py.in Add API version and have server reject incompatible clients. 2011-01-14 14:26:22 -05:00

This is a set of libraries common to IPA clients and servers, though
currently geared mostly towards command-line tools.

A brief overview:

config.py - identify the IPA server domain and realm. It uses python-dns to
            try to detect this information first and will fall back to
            /etc/ipa/default.conf if that fails.

ipautil.py - helper functions

entity.py - entity is the main data type. User and Group extend this class
            (but don't add anything currently).

ipavalidate.py - basic data validation routines