mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 07:33:27 -06:00
ecc08e3983
A PKCS#12 file is generated from a set of input files in various formats. This file is then used to provide the public and private keys and certificate chain fro importing into an NSS database. In order to work in FIPS mode stronger encryption is required. The default OpenSSL certificate algo is 40-bit RC2 which is not allowed in FIPS mode. The default private key algo is 3DES. Use AES-128 instead for both. Fixes: https://pagure.io/freeipa/issue/7948 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> |
||
|---|---|---|
| .. | ||
| install | ||
| __init__.py | ||
| admintool.py | ||
| certdb.py | ||
| config.py | ||
| cookie.py | ||
| directivesetter.py | ||
| dn_ctypes.py | ||
| dn.py | ||
| dnsutil.py | ||
| dogtag.py | ||
| errors.py | ||
| graph.py | ||
| ipa_log_manager.py | ||
| ipaldap.py | ||
| ipautil.py | ||
| ipavalidate.py | ||
| kerberos.py | ||
| kernel_keyring.py | ||
| Makefile.am | ||
| nsslib.py | ||
| README | ||
| session_storage.py | ||
| setup.cfg | ||
| setup.py | ||
| ssh.py | ||
| version.py.in | ||
This is a set of libraries common to IPA clients and servers though mostly
geared currently towards command-line tools.
A brief overview:
config.py - identify the IPA server domain and realm. It uses python-dns to
try to detect this information first and will fall back to
/etc/ipa/default.conf if that fails.
ipautil.py - helper functions
entity.py - entity is the main data type. User and Group extend this class
(but don't add anything currently).
ipavalidate.py - basic data validation routines