mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Go to file

Alexander Bokovoy e8a7e2e38a ipa-kdb: add pkinit authentication indicator in case of a successful certauth We automatically add 'otp' and 'radius' authentication indicators when pre-authentication with OTP or RADIUS did succeed. Do the same for certauth-based pre-authentication (PKINIT). A default PKINIT configuration does not add any authentication indicators unless 'pkinit_indicator = pkinit' is set in kdc.conf. Unfortunately, modifying kdc.conf automatically is a bit more complicated than modifying krb5.conf. Given that we have 'otp' and 'radius' authentication indicators also defined in the code not in the kdc.conf, this change is following an established trend. SSSD certauth interface does not provide additional information about which rule(s) succeeded in matching the incoming certificate. Thus, there is not much information we can automatically provide in the indicator. It would be good to generate indicators that include some information from the certmapping rules in future but for now a single 'pkinit' indicator is enough. Fixes https://pagure.io/freeipa/issue/6736 Reviewed-By: Simo Sorce <ssorce@redhat.com>		2017-06-05 18:35:27 +02:00
asn1	fix minor spelling mistakes	2017-05-19 09:52:46 +02:00
client	client install: fix client PKINIT configuration	2017-05-19 12:31:24 +02:00
contrib	Add copy-schema-to-ca for RHEL6 to contrib/	2017-03-14 15:16:20 +01:00
daemons	ipa-kdb: add pkinit authentication indicator in case of a successful certauth	2017-06-05 18:35:27 +02:00
doc	scripts, tests: explicitly set confdir in the rest of server code	2017-02-22 08:07:48 +00:00
init	Use Custodia 0.3.1 features	2017-03-28 15:02:06 +02:00
install	Fix index definition for ipaAnchorUUID	2017-05-30 12:32:34 +02:00
ipaclient	ca/cert-show: check certificate_out in options	2017-05-24 13:33:09 +00:00
ipalib	rpc: avoid possible recursion in create_connection	2017-06-02 16:43:02 +02:00
ipaplatform	adtrust: move SELinux settings to constants	2017-05-26 08:32:05 +02:00
ipapython	ca-add: validate Subject DN name attributes	2017-06-01 09:28:36 +02:00
ipaserver	Changing cert-find to do not use only primary key to search in LDAP.	2017-06-02 16:45:43 +02:00
ipatests	ipatests: add systemd journal collection for multihost tests	2017-06-01 11:50:44 +02:00
po	fix minor spelling mistakes	2017-05-19 09:52:46 +02:00
pypi	tox testing support for client wheel packages	2017-04-12 16:53:22 +02:00
util	C compilation fixes and hardening	2017-03-01 10:38:01 +01:00
.git-commit-template	git-commit-template: update ticket url to use pagure.io instead of fedorahosted.org	2017-03-28 13:10:08 +02:00
.gitignore	tox testing support for client wheel packages	2017-04-12 16:53:22 +02:00
.mailmap	Update Contributors.txt	2017-02-23 10:16:44 +01:00
.test_runner_config.yaml	travis: fix pylint execution with py3	2017-05-29 14:44:29 +02:00
.tox-install.sh	tox testing support for client wheel packages	2017-04-12 16:53:22 +02:00
.travis_run_task.sh	Travis CI: actually return non-zero exit status when the test job fails	2017-01-09 15:22:51 +01:00
.travis.yml	Travis CI: explicitly update pip before running the builds	2017-05-10 08:54:13 +02:00
.wheelconstraints.in	tox: use pylint 1.6.x for now	2017-04-25 12:24:48 +02:00
ACI.txt	Add --password-expiration to allow admin to force user password expiration	2017-03-31 12:19:40 +02:00
API.txt	Add `pkinit-status` command	2017-05-26 16:11:40 +02:00
autogen.sh	build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches	2010-11-29 11:39:55 -05:00
BUILD.txt	Add 'TIP' to enable copr repo.	2017-05-29 14:46:09 +02:00
configure.ac	configure: fix AC_CHECK_LIB usage	2017-04-19 13:56:23 +00:00
Contributors.txt	Update Contributors.txt	2017-02-23 10:16:44 +01:00
COPYING	Change FreeIPA license to GPLv3+	2010-12-20 17:19:53 -05:00
COPYING.openssl	Add a clear OpenSSL exception.	2015-02-23 16:25:54 +01:00
freeipa.spec.in	pylint: explicitly depends on python2-pylint	2017-06-01 09:51:52 +02:00
ignore_import_errors.py	makeapi, makeaci: do not fail on missing imports	2016-10-24 14:11:08 +02:00
ipa	Use entry_points for ipa CLI	2017-04-11 13:29:50 +02:00
ipasetup.py.in	ipasetup: fix dependencies handling based on python version	2017-05-16 11:53:33 +02:00
make-doc	Make an ipa-tests package	2013-06-17 19:22:50 +02:00
make-test	Use pytest conftest.py and drop pytest.ini	2017-01-05 17:37:02 +01:00
makeaci	makeapi, makeaci: do not fail on missing imports	2016-10-24 14:11:08 +02:00
makeapi	Python3 pylint fixes	2016-11-25 16:18:22 +01:00
Makefile.am	Band-aid for pip dependency bug	2017-04-26 12:31:11 +02:00
Makefile.python.am	Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb	2017-03-15 13:48:23 +01:00
makerpms.sh	Build: update makerpms.sh to use same paths as rpmbuild	2016-11-16 09:12:07 +01:00
pylint_plugins.py	Pylint: fix ipa_forbidden_import checker	2017-05-29 18:37:41 +02:00
pylintrc	pylint: ignore new checks added in 1.7	2017-05-29 18:37:41 +02:00
README.md	Change README to use Markdown	2017-03-02 16:55:57 +01:00
server.m4	configure: fix AC_CHECK_LIB usage	2017-04-19 13:56:23 +00:00
tox.ini	Slim down dependencies	2017-05-09 17:17:29 +02:00
VERSION.m4	Add `pkinit-status` command	2017-05-26 16:11:40 +02:00
zanata.xml	Zanata: exlude testing ipa.pot file	2016-11-21 14:47:47 +01:00

README.md

FreeIPA Server

FreeIPA allows Linux administrators to centrally manage identity, authentication and access control aspects of Linux and UNIX systems by providing simple to install and use command line and web based managment tools.

FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.

FreeIPA can seamlessly integrate into an Active Directory environment via cross-realm Kerberos trust or user synchronization.

Benefits

FreeIPA:

Allows all your users to access all the machines with the same credentials and security settings
Allows users to access personal files transparently from any machine in an authenticated and secure way
Uses an advanced grouping mechanism to restrict network access to services and files only to specific users
Allows central management of security mechanisms like passwords, SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
Enables delegation of selected administrative tasks to other power users
Integrates into Active Directory environments

Components

The FreeIPA project provides unified installation and management tools for the following components:

LDAP Server - based on the 389 project
KDC - based on MIT Kerberos implementation
PKI based on Dogtag project
Samba libraries for Active Directory integration
DNS Server based on BIND and the Bind-DynDB-LDAP plugin

Project Website

Releases, announcements and other information can be found on the IPA server project page at http://www.freeipa.org/ .

Documentation

The most up-to-date documentation can be found at http://freeipa.org/page/Documentation .

Quick Start

To get started quickly, start here: http://www.freeipa.org/page/Quick_Start_Guide

Licensing

Please see the file called COPYING.

Contacts

If you want to be informed about new code releases, bug fixes, security fixes, general news and information about the IPA server subscribe to the freeipa-announce mailing list at https://www.redhat.com/mailman/listinfo/freeipa-interest/ .
If you have a bug report please submit it at: https://pagure.io/freeipa/issues
If you want to participate in actively developing IPA please subscribe to the freeipa-devel mailing list at https://www.redhat.com/mailman/listinfo/freeipa-devel/ or join us in IRC at irc://irc.freenode.net/freeipa