mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
b0d9a4728f
Add the ipa-pki-retrieve-key helper program and configure lightweight CA key replication on installation and upgrade. The specific configuration steps are: - Add the 'dogtag/$HOSTNAME' service principal - Create the pricipal's Custodia keys - Retrieve the principal's keytab - Configure Dogtag's CS.cfg to use ExternalProcessKeyRetriever to invoke ipa-pki-retrieve-key for key retrieval Also bump the minimum version of Dogtag to 10.3.2. Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
10 lines
249 B
Plaintext
10 lines
249 B
Plaintext
dn: cn=custodia,cn=ipa,cn=etc,$SUFFIX
|
|
default: objectClass: top
|
|
default: objectClass: nsContainer
|
|
default: cn: custodia
|
|
|
|
dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,$SUFFIX
|
|
default: objectClass: top
|
|
default: objectClass: nsContainer
|
|
default: cn: dogtag
|