IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
15,249 Commits 11 Branches 60 Tags 60 MiB
Python 75.7%
JavaScript 10.9%
C 10.8%
Roff 1.1%
Makefile 0.4%
Other 1.1%
beaa0562dc
Go to file
Rob Crittenden beaa0562dc Add support for Random Serial Numbers v3 
Dogtag has implemented a new random serial number scheme
they are calling RSNv3.

https://github.com/dogtagpki/pki/wiki/Random-Certificate-Serial-Numbers-v3

Given the known issues reported this will be supported in IPA for
new installations only.

There is no mixing of random servers and non-random servers
allowed.

Instructions for installing a CA:
https://github.com/dogtagpki/pki/blob/master/docs/installation/ca/Installing-CA-with-Random-Serial-Numbers-v3.adoc

Instructions for installing a KRA:
https://github.com/dogtagpki/pki/blob/master/docs/installation/kra/Installig-KRA-with-Random-Serial-Numbers-v3.adoc

The version of random serial numbers is stored within the CA entry
of the server. It is stored as a version to allow for future upgrades.

If a CA has RSN enabled then any KRA installed will also have it
enabled for its identifiers.

A new attribute, ipaCaRandomSerialNumberVersion, is added to the IPA CA
entry to track the version number in case PKI has future major
revisions. This can also be used to determine if RSN is enabled or not.

Fixes: https://pagure.io/freeipa/issue/2016

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-06-09 08:35:15 +02:00
.copr Adding auto COPR builds 2019-12-14 14:20:34 +02:00
.github Let GH auto-notify and auto-close stale PRs 2020-05-06 20:17:01 +02:00
asn1 fix minor spelling mistakes 2017-05-19 09:52:46 +02:00
client dnssec daemons: read the dns context config file for debug state 2022-06-02 11:17:57 +02:00
contrib Parse the debugging cache log to determine the read savings 2021-05-12 10:45:57 -04:00
daemons dnssec daemons: read the dns context config file for debug state 2022-06-02 11:17:57 +02:00
doc doc/designs: add Random Serial Numbers v3 support 2022-06-09 08:35:15 +02:00
init configure: Use HTTPD_GROUP in init/tmpfiles/ipa.conf.in 2021-11-25 21:02:56 -05:00
install Add support for Random Serial Numbers v3 2022-06-09 08:35:15 +02:00
ipaclient Installer: add --subid option to select the sssd profile with-subid 2022-05-25 08:11:39 +03:00
ipalib Add a new parameter type, SerialNumber, as a subclass of Str 2022-06-09 08:35:15 +02:00
ipaplatform Support dnssec utils from bind 9.17.2+ 2022-05-25 20:05:42 +02:00
ipapython dnssec daemons: read the dns context config file for debug state 2022-06-02 11:17:57 +02:00
ipaserver Add support for Random Serial Numbers v3 2022-06-09 08:35:15 +02:00
ipasphinx docs: force sphinx version above 3.0 to avoid caching in RTD 2022-05-04 10:40:07 +03:00
ipatests Add a new parameter type, SerialNumber, as a subclass of Str 2022-06-09 08:35:15 +02:00
po Update translations to FreeIPA master state 2022-04-26 16:33:58 +02:00
pypi Cleanup shebang and executable bit 2018-07-05 19:46:42 +02:00
selinux External IdP: initial SELinux policy 2022-05-10 15:52:41 +03:00
util ipa_pwd: Remove unnecessary conditional 2021-01-15 10:01:28 +01:00
.freeipa-pr-ci.yaml ipatests: revert wrong commit on gating definition 2021-11-02 11:40:25 +01:00
.git-commit-template Commit template: use either Fixes or Related 2022-02-14 11:21:01 +02:00
.gitignore Add basic support for subordinate user/group ids 2021-07-09 09:47:30 -04:00
.lgtm.yml Fix lgtm file classification 2021-03-08 08:31:41 +01:00
.mailmap mailmap: add ftweedal 2020-11-11 14:08:35 +02:00
.readthedocs.yaml docs: add the readthedocs configuration 2022-05-04 09:36:40 +03:00
.tox-install.sh azure: Don't customize pip's builddir 2021-10-21 08:03:03 +02:00
.wheelconstraints.in azure: Bump supported Pylint 2022-03-11 13:37:08 -05:00
ACI.txt Add support for Random Serial Numbers v3 2022-06-09 08:35:15 +02:00
API.txt Add support for Random Serial Numbers v3 2022-06-09 08:35:15 +02:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
BUILD.txt Bootstrap Sphinx documentation 2020-03-21 07:40:33 +02:00
CODE_OF_CONDUCT.md Changing Django's CoC to reflect FreeIPA CoC 2018-03-26 09:51:25 +02:00
configure.ac Implement LDAP bind grace period 389-ds plugin 2022-05-30 17:24:22 +03:00
Contributors.txt Update list of contributors 2022-04-26 16:45:30 +02:00
COPYING Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
COPYING.openssl Add a clear OpenSSL exception. 2015-02-23 16:25:54 +01:00
freeipa.doap.rdf Adding modified DOAP file 2018-06-22 11:02:40 -04:00
freeipa.spec.in Implement LDAP bind grace period 389-ds plugin 2022-05-30 17:24:22 +03:00
ipa.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
ipasetup.py.in pylint: Fix use-maxsplit-arg 2022-03-11 13:37:08 -05:00
make-doc Make an ipa-tests package 2013-06-17 19:22:50 +02:00
make-test Use pytest conftest.py and drop pytest.ini 2017-01-05 17:37:02 +01:00
makeaci.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
makeapi.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
Makefile.am pycodestyle: Check *.in Python files 2021-08-24 16:49:10 +02:00
Makefile.python.am Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb 2017-03-15 13:48:23 +01:00
Makefile.pythonscripts.am ipa-scripts: fix all ipa command line scripts to operate with -I 2019-09-19 10:44:09 -04:00
makerpms.sh Fix unnecessary usrmerge assumptions 2019-04-17 13:56:05 +02:00
pylint_plugins.py external-idp: add support to manage external IdP objects 2022-05-10 15:52:41 +03:00
pylintrc pylint: Skip use-implicit-booleaness-not-comparison 2022-03-11 13:37:08 -05:00
README.md Update IRC links to point to Libera.chat 2021-05-27 18:26:28 +03:00
server.m4 extdom: user getorigby{user|group}name if available 2022-03-16 11:08:39 +02:00
tox.ini azure: Don't customize pip's builddir 2021-10-21 08:03:03 +02:00
VERSION.m4 Add support for Random Serial Numbers v3 2022-06-09 08:35:15 +02:00

README.md

FreeIPA Server

FreeIPA allows Linux administrators to centrally manage identity, authentication and access control aspects of Linux and UNIX systems by providing simple to install and use command line and web based management tools.

FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.

FreeIPA can seamlessly integrate into an Active Directory environment via cross-realm Kerberos trust or user synchronization.

Benefits

FreeIPA:

  • Allows all your users to access all the machines with the same credentials and security settings
  • Allows users to access personal files transparently from any machine in an authenticated and secure way
  • Uses an advanced grouping mechanism to restrict network access to services and files only to specific users
  • Allows central management of security mechanisms like passwords, SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
  • Enables delegation of selected administrative tasks to other power users
  • Integrates into Active Directory environments

Components

The FreeIPA project provides unified installation and management tools for the following components:

Project Website

Releases, announcements and other information can be found on the IPA server project page at http://www.freeipa.org/ .

Documentation

The most up-to-date documentation can be found at http://freeipa.org/page/Documentation .

Quick Start

To get started quickly, start here: http://www.freeipa.org/page/Quick_Start_Guide

For developers

Licensing

Please see the file called COPYING.

Contacts