mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-30 10:47:08 -06:00
7b96973711
Add ipa-passwd tool Add simple field validation package This patch adds a package requirement, python-krbV. This is needed to determine the current user based on their kerberos ticket.
66 lines
1.4 KiB
Plaintext
66 lines
1.4 KiB
Plaintext
|
|
Required packages:
|
|
|
|
krb5-server
|
|
fedora-ds-base
|
|
fedora-ds-base-devel
|
|
openldap-clients
|
|
openldap-devel
|
|
krb5-server-ldap
|
|
cyrus-sasl-gssapi
|
|
httpd
|
|
mod_auth_kerb
|
|
ntp
|
|
openssl-devel
|
|
nspr-devel
|
|
nss-devel
|
|
mozldap-devel
|
|
mod_python
|
|
gcc
|
|
python-ldap
|
|
TurboGears
|
|
PyKerberos
|
|
python-krbV
|
|
|
|
Installation example:
|
|
|
|
TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is
|
|
fixed.
|
|
|
|
Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/
|
|
to patch your init scripts before running ipa-server-install. This tells
|
|
FDS where to find its kerberos keytab.
|
|
|
|
Things done as root are denoted by #. Things done as a unix user are denoted
|
|
by %.
|
|
|
|
# cd freeipa
|
|
# patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch
|
|
|
|
Now to do the installation.
|
|
|
|
# cd freeipa
|
|
# make install
|
|
|
|
To start an interactive installation use:
|
|
# /usr/sbin/ipa-server-install
|
|
|
|
For more verbose output add the -d flag run the command with -h to see all options
|
|
|
|
You have a basic working system with one super administrator (named admin).
|
|
|
|
To create another administrative user:
|
|
|
|
% kinit admin@FREEIPA.ORG
|
|
% /usr/sbin/ipa-adduser -f Test -l User test
|
|
% ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org
|
|
% /usr/sbin/ipa-groupmod -a test admins
|
|
|
|
An admin user is just a regular user in the group admin.
|
|
|
|
Now you can destroy the old ticket and log in as test:
|
|
|
|
% kdestroy
|
|
% kinit test@FREEIPA.ORG
|
|
% /usr/sbin/ipa-finduser test
|