IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-26 17:01:14 -06:00
Code Issues Packages Projects Releases Wiki Activity
e7581cc0d8
freeipa/ipaserver/install
History
Florence Blanc-Renaud a230153837 PKINIT: fix ipa-pkinit-manage enable|disable 
The command ipa-pkinit-manage enable|disable is reporting
success even though the PKINIT cert is not re-issued.
The command triggers the request of a new certificate
(signed by IPA CA when state=enable, selfsigned when disabled),
but as the cert file is still present, certmonger does not create
a new request and the existing certificate is kept.

The fix consists in deleting the cert and key file before calling
certmonger to request a new cert.

There was also an issue in the is_pkinit_enabled() function:
if no tracking request was found for the PKINIT cert,
is_pkinit_enabled() was returning True while it should not.

Fixes https://pagure.io/freeipa/issue/7200

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-12-05 11:06:21 +01:00
..
plugins ipa upgrade: handle double-encoded certificates 2018-11-30 11:05:17 +01:00
server Unify and simplify LDAP service discovery 2018-11-21 08:57:08 +01:00
__init__.py Remove __all__ specifications in ipaclient and ipaserver.install 2013-09-06 15:42:33 +02:00
adtrust.py ipaserver.install.adtrust: fix CID 323644 2018-11-07 16:37:18 +01:00
adtrustinstance.py pylint 2.2: Fix unnecessary pass statement 2018-11-26 16:54:43 +01:00
bindinstance.py Fix zonemgr encoding issue 2018-10-05 09:04:15 -04:00
ca.py Py3: Replace six.text_type with str 2018-09-27 16:11:18 +02:00
cainstance.py Unify and simplify LDAP service discovery 2018-11-21 08:57:08 +01:00
certs.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
conncheck.py install: introduce installer class hierarchy 2016-11-11 12:17:25 +01:00
custodiainstance.py Fix raising-format-tuple 2018-11-13 13:37:58 +01:00
dns.py Fix zonemgr encoding issue 2018-10-05 09:04:15 -04:00
dnskeysyncinstance.py Delay enabling services until end of installer 2018-07-06 13:26:43 +02:00
dogtag.py install: introduce installer class hierarchy 2016-11-11 12:17:25 +01:00
dogtaginstance.py Replace messagebus with modern name dbus 2018-11-08 17:44:45 +01:00
dsinstance.py DS install: don't fail if SSL already configured 2018-11-13 12:07:27 +01:00
httpinstance.py httpinstance: Restore SELinux context of session_dir /etc/httpd/alias 2018-08-03 13:23:21 +02:00
installutils.py Print correct subject on CA cert verification failure 2018-11-13 14:19:18 +01:00
ipa_backup.py ipa-backup: restart services before compressing the backup 2018-10-26 17:21:07 +02:00
ipa_cacert_manage.py Add support for multiple certificates/formats to ipa-cacert-manage 2018-11-13 10:44:14 +01:00
ipa_kra_install.py Unify and simplify LDAP service discovery 2018-11-21 08:57:08 +01:00
ipa_ldap_updater.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
ipa_otptoken_import.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
ipa_pkinit_manage.py PKINIT: fix ipa-pkinit-manage enable|disable 2018-12-05 11:06:21 +01:00
ipa_replica_install.py Enable replica install info logging to match ipa-server-install 2018-11-01 13:08:58 +01:00
ipa_restore.py ipa_restore: Restore SELinux context of template_dir /var/log/dirsrv/slapd-X 2018-08-03 13:23:21 +02:00
ipa_server_certinstall.py Fix pylint 2.0 return-related violations 2018-07-11 10:11:38 +02:00
ipa_server_install.py Improve console logging for ipa-server-install 2018-06-20 08:38:03 +02:00
ipa_server_upgrade.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipa_winsync_migrate.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
kra.py Remove DL0 specific code from kra in ipaserver/install 2018-09-12 13:11:21 +02:00
krainstance.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
krbinstance.py PKINIT: fix ipa-pkinit-manage enable|disable 2018-12-05 11:06:21 +01:00
ldapupdate.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
odsexporterinstance.py Delay enabling services until end of installer 2018-07-06 13:26:43 +02:00
opendnssecinstance.py Unify and simplify LDAP service discovery 2018-11-21 08:57:08 +01:00
otpdinstance.py Enable pylint missing-final-newline check 2015-12-23 07:59:22 +01:00
replication.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
schemaupdate.py logging: do not use ipa_log_manager to create module-level loggers 2017-07-14 15:55:59 +02:00
service.py Unify and simplify LDAP service discovery 2018-11-21 08:57:08 +01:00
sysupgrade.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
upgradeinstance.py Re-open the ldif file to prevent error message 2018-08-16 12:45:00 +02:00