freeipa/doc
Christian Heimes dbebed2e3a Add PKINIT support to ipa-client-install
The ``ipa-client-install`` command now supports PKINIT for client
enrollment. Existing X.509 client certificates can be used to
authenticate a host.

Also restart KRB5 KDC during ``ipa-certupdate`` so KDC picks up new CA
certificates for PKINIT.

*Requirements*

- The KDC must trust the CA chain of the client certificate.
- The client must be able to verify the KDC's PKINIT cert.
- The host entry must exist. This limitation may be removed in the
  future.
- A certmap rule must match the host certificate and map it to a single
  host entry.

*Example*

```
ipa-client-install \
    --pkinit-identity=FILE:/path/to/cert.pem,/path/to/key.pem \
    --pkinit-anchor=/path/to/kdc-ca-bundle.pem
```

Fixes: https://pagure.io/freeipa/issue/9271
Fixes: https://pagure.io/freeipa/issue/9269
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-11-16 14:32:05 +02:00
_static/css docs: tune RTD to display lists with disc and left margin 2022-05-10 15:52:41 +03:00
designs Add PKINIT support to ipa-client-install 2022-11-16 14:32:05 +02:00
examples Have all the scripts run in python 3 by default 2018-02-15 18:43:12 +01:00
guide logging: do not reference loggers in arguments and attributes 2017-07-14 15:55:59 +02:00
workshop workshop: add freeipa version requirements 2022-05-25 08:09:43 +03:00
conf.py docs: tune RTD to display lists with disc and left margin 2022-05-10 15:52:41 +03:00
constraints.txt ap: Constrain supported docutils 2022-07-26 12:36:41 -04:00
index.rst Include workshop in sphinx build 2020-03-21 07:40:34 +02:00
Makefile ap: Constrain supported docutils 2022-07-26 12:36:41 -04:00
requirements.txt docs: force sphinx version above 3.0 to avoid caching in RTD 2022-05-04 10:40:07 +03:00
workshop.rst workshop: add chapter 12: External IdP support 2022-05-10 15:52:41 +03:00