freeipa/ipalib/plugins
Alexander Bokovoy d5aa1ee04e trusts: add support for one-way trust and switch to it by default
One-way trust is the default now, use 'trust add --two-way ' to
force bidirectional trust

https://fedorahosted.org/freeipa/ticket/4959

In the case of a one-way trust we cannot authenticate using a cross-realm TGT
against an AD DC. We have to use the trusted domain object from within the AD
domain, and access to this object is limited to avoid compromising the whole
trust configuration.

Instead, the IPA framework can call out to the oddjob daemon and ask it to
run the script which can have access to the TDO object. This script
(com.redhat.idm.trust-fetch-domains) uses the cifs/ipa.master principal
to retrieve the TDO object credentials from IPA LDAP if needed and then
authenticate against AD DCs using the TDO object credentials.

The script pulls the trust topology out of the AD DCs and updates the IPA LDAP
store. Then the IPA framework can pick the updated data from the IPA LDAP
under normal access conditions.

Part of https://fedorahosted.org/freeipa/ticket/4546

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-08 01:56:52 +02:00
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
aci.py aci plugin: Fix internal error when ACIs are not readable 2014-05-29 16:22:37 +02:00
automember.py Fix error message for nonexistent members and add tests. 2014-11-24 16:04:57 +01:00
automount.py Add several CRUD default permissions 2014-06-24 13:53:41 +02:00
baseldap.py include more information in metadata 2015-07-03 10:42:16 +02:00
baseuser.py ipalib: Load ipaserver plugins when api.env.in_server is True 2015-07-01 13:05:30 +00:00
batch.py Update all remaining plugins to the new Registry API 2014-06-11 09:24:22 +02:00
caacl.py Enforce CA ACLs in cert-request command 2015-06-11 10:50:31 +00:00
cert.py Enforce CA ACLs in cert-request command 2015-06-11 10:50:31 +00:00
certprofile.py certprofile: add ability to update profile config in Dogtag 2015-07-08 00:25:46 +02:00
config.py Expose the disabled User Auth Type 2015-02-12 10:31:24 +01:00
delegation.py Update all remaining plugins to the new Registry API 2014-06-11 09:24:22 +02:00
dns.py DNS: Do not traceback if DNS is not installed 2015-07-01 20:19:01 +02:00
domainlevel.py Hide topology and domainlevel features 2015-07-08 00:09:09 +02:00
group.py idviews: Remove ID overrides for permanently removed users and groups 2015-07-01 13:06:40 +02:00
hbacrule.py Convert HBAC Rule default permissions to managed 2014-06-24 13:53:40 +02:00
hbacsvc.py Convert HBAC Service default permissions to managed 2014-06-24 13:53:40 +02:00
hbacsvcgroup.py Do not require description in UI. 2014-09-29 12:53:43 +02:00
hbactest.py Update all remaining plugins to the new Registry API 2014-06-11 09:24:22 +02:00
host.py new commands to manage user/host/service certificates 2015-07-02 14:43:44 +00:00
hostgroup.py hostgroup: Selected PEP8 fixes for the hostgroup plugin 2014-09-30 10:42:06 +02:00
idrange.py idrange: include raw range type in output 2014-11-11 10:56:16 +01:00
idviews.py idviews: Fallback to AD DC LDAP only if specifically allowed 2015-07-02 13:23:21 +02:00
internal.py webui: adjust user deleter dialog to new api 2015-06-18 15:50:44 +02:00
kerberos.py Update all remaining plugins to the new Registry API 2014-06-11 09:24:22 +02:00
krbtpolicy.py Make 'permission' the default bind type for managed permissions 2014-06-11 13:21:29 +02:00
migration.py plugable: Pass API to plugins on initialization rather than using set_api 2015-07-01 13:05:30 +00:00
misc.py plugable: Pass API to plugins on initialization rather than using set_api 2015-07-01 13:05:30 +00:00
netgroup.py Do not require description in UI. 2014-09-29 12:53:43 +02:00
otpconfig.py Fix TOTP Synchronization Window label 2015-02-17 08:26:42 +01:00
otptoken_yubikey.py Create an OTP help topic 2014-12-05 13:44:51 +01:00
otptoken.py Fix OTP token URI generation 2015-06-17 16:46:25 +02:00
passwd.py ipa-passwd: add OTP support 2014-06-26 12:37:38 +02:00
permission.py Server Upgrade: use debug log level for upgrade instead of info 2015-07-03 07:47:59 +00:00
ping.py Allow API plugin registration via a decorator 2013-08-14 12:08:27 +02:00
pkinit.py Update all remaining plugins to the new Registry API 2014-06-11 09:24:22 +02:00
privilege.py Do not require description in UI. 2014-09-29 12:53:43 +02:00
pwpolicy.py pwpolicy-add: Added better error handling 2014-09-02 10:40:12 +02:00
radiusproxy.py Split long docstrings that were recently modified 2014-06-10 13:19:32 +02:00
realmdomains.py Add Modify Realm Domains permission 2014-07-04 12:17:04 +02:00
role.py speed up indirect member processing 2015-04-27 05:55:04 +00:00
rpcclient.py Switch client to JSON-RPC 2013-11-26 16:59:59 +01:00
selfservice.py Update all remaining plugins to the new Registry API 2014-06-11 09:24:22 +02:00
selinuxusermap.py Convert SELinux User Map default permissions to managed 2014-06-24 13:53:41 +02:00
server.py server: add "del" command 2015-06-15 16:06:48 +02:00
service.py new commands to manage user/host/service certificates 2015-07-02 14:43:44 +00:00
servicedelegation.py Add plugin to manage service constraint delegations 2015-06-03 09:47:40 +00:00
stageuser.py Display the wrong attribute name when mandatory attribute is missing 2015-07-02 12:01:07 +02:00
sudocmd.py Convert Sudo Command default permissions to managed 2014-06-24 13:53:41 +02:00
sudocmdgroup.py Do not require description in UI. 2014-09-29 12:53:43 +02:00
sudorule.py Sudorule RunAsUser should work with external groups 2014-10-02 11:06:47 +02:00
topology.py Hide topology and domainlevel features 2015-07-08 00:09:09 +02:00
trust.py trusts: add support for one-way trust and switch to it by default 2015-07-08 01:56:52 +02:00
user.py new commands to manage user/host/service certificates 2015-07-02 14:43:44 +00:00
vault.py Added ipaVaultPublicKey attribute. 2015-07-07 07:44:56 +00:00
virtual.py Internationalization for public errors 2012-09-03 18:16:12 +02:00