freeipa/install/share/Makefile.am
Rob Crittenden c0d55ce6de Centralize enable/disable of the ACME service
The initial implementation of ACME in dogtag and IPA required
that ACME be manually enabled on each CA.

dogtag added a REST API that can be accessed directly or through
the `pki acme` CLI tool to enable or disable the service.

It also abstracted the database connection and introduced the
concept of a realm which defines the DIT for ACME users and
groups, the URL and the identity. This is configured in realm.conf.

A new group was created, Enterprise ACME Administrators, that
controls the users allowed to modify ACME configuration.

The IPA RA is added to this group for the ipa-acme-manage tool
to authenticate to the API to enable/disable ACME.

Related dogtag installation documentation:
https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Configuring_ACME_Database.md
https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Configuring_ACME_Realm.md
https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Installing_PKI_ACME_Responder.md

ACME REST API:
https://github.com/dogtagpki/pki/wiki/PKI-ACME-Enable-REST-API

https://pagure.io/freeipa/issue/8524

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
2020-11-02 10:43:57 -05:00

116 lines
2.6 KiB
Makefile

NULL =
SUBDIRS = \
advise \
profiles \
schema.d \
$(NULL)
appdir = $(IPA_DATA_DIR)
dist_app_DATA = \
05rfc2247.ldif \
15rfc2307bis.ldif \
15rfc4876.ldif \
60kerberos.ldif \
60samba.ldif \
60ipaconfig.ldif \
60basev2.ldif \
60basev3.ldif \
60ipadns.ldif \
60ipapk11.ldif \
60certificate-profiles.ldif \
61kerberos-ipav3.ldif \
65ipacertstore.ldif \
65ipasudo.ldif \
70ipaotp.ldif \
70topology.ldif \
71idviews.ldif \
72domainlevels.ldif \
73certmap.ldif \
anon-princ-aci.ldif \
bootstrap-template.ldif \
ca-topology.uldif \
custodia.conf.template \
default-aci.ldif \
default-hbac.ldif \
default-smb-group.ldif \
default-trust-view.ldif \
delegation.ldif \
replica-acis.ldif \
replica-prevent-time-skew.ldif \
ds-nfiles.ldif \
ds-ipa-env.conf.template \
dns.ldif \
dnssec.ldif \
domainlevel.ldif \
kerberos.ldif \
bind.ipa-ext.conf.template \
bind.ipa-options-ext.conf.template \
bind.named.conf.template \
bind.openssl.cnf.template \
bind.openssl.cryptopolicy.cnf.template \
certmap.conf.template \
kdc.conf.template \
kdc_extensions.template \
kdc_req.conf.template \
krb5.conf.template \
freeipa-server.template \
krb5.ini.template \
krb.con.template \
krbrealm.con.template \
smb.conf.template \
smb.conf.registry.template \
smb.conf.empty \
referint-conf.ldif \
dna.ldif \
master-entry.ldif \
memberof-task.ldif \
memberof-conf.ldif \
nis.uldif \
nis-update.uldif \
opendnssec_conf.template \
opendnssec_kasp.template \
unique-attributes.ldif \
wsgi.py \
repoint-managed-entries.ldif \
managed-entries.ldif \
topology-entries.ldif \
user_private_groups.ldif \
host_nis_groups.ldif \
uuid.ldif \
modrdn-krbprinc.ldif \
entryusn.ldif \
pw-logging-conf.ldif \
sudobind.ldif \
automember.ldif \
replica-automember.ldif \
sasl-mapping-fallback.ldif \
schema-update.ldif \
vault.ldif \
kdcproxy-enable.uldif \
kdcproxy-disable.uldif \
ipa-httpd.conf.template \
ipa-httpd-wsgi.conf.template \
gssapi.login \
gssproxy.conf.template \
kdcproxy.wsgi \
ipakrb5.aug \
ipa.conf.template \
ipa-kdc-proxy.conf.template \
ipa-pki-proxy.conf.template \
ipa-rewrite.conf.template \
ipaca_default.ini \
ipaca_customize.ini \
ipaca_softhsm2.ini \
pki-acme-configsources.conf.template \
pki-acme-database.conf.template \
pki-acme-engine.conf.template \
pki-acme-issuer.conf.template \
pki-acme-realm.conf.template \
ldbm-tuning.ldif \
$(NULL)
kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy
dist_kdcproxyconf_DATA = \
kdcproxy.conf