mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
04e9056ec2
We have had a state file for quite some time that is used to return the system to its pre-install state. We can use that to determine what has been configured. This patch: - uses the state file to determine if dogtag was installed - prevents someone from trying to re-install an installed server - displays some output when uninstalling - re-arranges the ipa_kpasswd installation so the state is properly saved - removes pkiuser if it was added by the installer - fetches and installs the CA on both masters and clients |
||
---|---|---|
.. | ||
man | ||
ipa-compat-manage | ||
ipa-dns-install | ||
ipa-fix-CVE-2008-3274 | ||
ipa-ldap-updater | ||
ipa-nis-manage | ||
ipa-replica-install | ||
ipa-replica-manage | ||
ipa-replica-prepare | ||
ipa-server-certinstall | ||
ipa-server-install | ||
ipa-upgradeconfig | ||
ipactl | ||
Makefile.am | ||
README |
Required packages: krb5-server fedora-ds-base fedora-ds-base-devel openldap-clients openldap-devel krb5-server-ldap cyrus-sasl-gssapi httpd mod_auth_kerb ntp openssl-devel nspr-devel nss-devel mozldap-devel mod_python gcc python-ldap TurboGears python-kerberos python-krbV python-tgexpandingformwidget python-pyasn1 Installation example: TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is fixed. Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/ to patch your init scripts before running ipa-server-install. This tells FDS where to find its kerberos keytab. Things done as root are denoted by #. Things done as a unix user are denoted by %. # cd freeipa # patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch Now to do the installation. # cd freeipa # make install To start an interactive installation use: # /usr/sbin/ipa-server-install For more verbose output add the -d flag run the command with -h to see all options You have a basic working system with one super administrator (named admin). To create another administrative user: % kinit admin@FREEIPA.ORG % /usr/sbin/ipa-adduser -f Test -l User test % ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org % /usr/sbin/ipa-groupmod -a test admins An admin user is just a regular user in the group admin. Now you can destroy the old ticket and log in as test: % kdestroy % kinit test@FREEIPA.ORG % /usr/sbin/ipa-finduser test