c0d55ce6de
The initial implementation of ACME in dogtag and IPA required that ACME be manually enabled on each CA. dogtag added a REST API that can be accessed directly or through the `pki acme` CLI tool to enable or disable the service. It also abstracted the database connection and introduced the concept of a realm which defines the DIT for ACME users and groups, the URL and the identity. This is configured in realm.conf. A new group was created, Enterprise ACME Administrators, that controls the users allowed to modify ACME configuration. The IPA RA is added to this group for the ipa-acme-manage tool to authenticate to the API to enable/disable ACME. Related dogtag installation documentation: https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Configuring_ACME_Database.md https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Configuring_ACME_Realm.md https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Installing_PKI_ACME_Responder.md ACME REST API: https://github.com/dogtagpki/pki/wiki/PKI-ACME-Enable-REST-API https://pagure.io/freeipa/issue/8524 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
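# Automake fragment: declares the data files this directory ships and
# installs. It defines variables only; there are no recipes here.
#
# The listing had a pipe-only separator line after every source line, which
# cut each backslash continuation short; the lists below are restored with one
# entry per line and nothing added, removed or reordered.

# Empty terminator: lets every real entry end in a backslash, so entries can
# be added or removed without touching the neighbouring line.
NULL =

# Subdirectories automake descends into.
SUBDIRS = \
	advise \
	profiles \
	schema.d \
	$(NULL)

# Install directory for dist_app_DATA. IPA_DATA_DIR is not assigned in this
# file -- presumably substituted by configure; confirm.
appdir = $(IPA_DATA_DIR)

# Files installed into $(appdir). The dist_ prefix also ships them in the
# release tarball, and the DATA primary installs them as plain data, not as
# programs, so wsgi.py and kdcproxy.wsgi do not get an executable bit here.
# NOTE(review): judging by the file names, the list mixes LDAP schema and ACI
# LDIFs with configuration templates for the KDC, BIND, httpd, Samba and the
# PKI ACME responder. Data installs are normally world-readable, so these
# templates should hold placeholders only, never literal credentials; the
# ownership and mode of whatever is rendered from them is set elsewhere and
# should be checked there.
dist_app_DATA = \
	05rfc2247.ldif \
	15rfc2307bis.ldif \
	15rfc4876.ldif \
	60kerberos.ldif \
	60samba.ldif \
	60ipaconfig.ldif \
	60basev2.ldif \
	60basev3.ldif \
	60ipadns.ldif \
	60ipapk11.ldif \
	60certificate-profiles.ldif \
	61kerberos-ipav3.ldif \
	65ipacertstore.ldif \
	65ipasudo.ldif \
	70ipaotp.ldif \
	70topology.ldif \
	71idviews.ldif \
	72domainlevels.ldif \
	73certmap.ldif \
	anon-princ-aci.ldif \
	bootstrap-template.ldif \
	ca-topology.uldif \
	custodia.conf.template \
	default-aci.ldif \
	default-hbac.ldif \
	default-smb-group.ldif \
	default-trust-view.ldif \
	delegation.ldif \
	replica-acis.ldif \
	replica-prevent-time-skew.ldif \
	ds-nfiles.ldif \
	ds-ipa-env.conf.template \
	dns.ldif \
	dnssec.ldif \
	domainlevel.ldif \
	kerberos.ldif \
	bind.ipa-ext.conf.template \
	bind.ipa-options-ext.conf.template \
	bind.named.conf.template \
	bind.openssl.cnf.template \
	bind.openssl.cryptopolicy.cnf.template \
	certmap.conf.template \
	kdc.conf.template \
	kdc_extensions.template \
	kdc_req.conf.template \
	krb5.conf.template \
	freeipa-server.template \
	krb5.ini.template \
	krb.con.template \
	krbrealm.con.template \
	smb.conf.template \
	smb.conf.registry.template \
	smb.conf.empty \
	referint-conf.ldif \
	dna.ldif \
	master-entry.ldif \
	memberof-task.ldif \
	memberof-conf.ldif \
	nis.uldif \
	nis-update.uldif \
	opendnssec_conf.template \
	opendnssec_kasp.template \
	unique-attributes.ldif \
	wsgi.py \
	repoint-managed-entries.ldif \
	managed-entries.ldif \
	topology-entries.ldif \
	user_private_groups.ldif \
	host_nis_groups.ldif \
	uuid.ldif \
	modrdn-krbprinc.ldif \
	entryusn.ldif \
	pw-logging-conf.ldif \
	sudobind.ldif \
	automember.ldif \
	replica-automember.ldif \
	sasl-mapping-fallback.ldif \
	schema-update.ldif \
	vault.ldif \
	kdcproxy-enable.uldif \
	kdcproxy-disable.uldif \
	ipa-httpd.conf.template \
	ipa-httpd-wsgi.conf.template \
	gssapi.login \
	gssproxy.conf.template \
	kdcproxy.wsgi \
	ipakrb5.aug \
	ipa.conf.template \
	ipa-kdc-proxy.conf.template \
	ipa-pki-proxy.conf.template \
	ipa-rewrite.conf.template \
	ipaca_default.ini \
	ipaca_customize.ini \
	ipaca_softhsm2.ini \
	pki-acme-configsources.conf.template \
	pki-acme-database.conf.template \
	pki-acme-engine.conf.template \
	pki-acme-issuer.conf.template \
	pki-acme-realm.conf.template \
	ldbm-tuning.ldif \
	$(NULL)

# kdcproxy.conf is installed under the kdcproxy subdirectory of
# IPA_SYSCONF_DIR, which is likewise not assigned in this file. Unlike the
# lists above, this one is not closed with $(NULL) in the listing.
kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy
dist_kdcproxyconf_DATA = \
	kdcproxy.conf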