IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
ee780df13c99a5465cd6df965772260c297a5eb2
freeipa/install
History
John Dennis ee780df13c Implement password based session login 
* Adjust URL's
  - rename /ipa/login -> /ipa/session/login_kerberos
  - add /ipa/session/login_password

* Adjust Kerberos protection on URL's in ipa.conf

* Bump VERSION in httpd ipa.conf to pick up session changes.

* Adjust login URL in ipa.js

* Add InvalidSessionPassword to errors.py

* Rename krblogin class to login_kerberos for consistency with
  new login_password class

* Implement login_password.kinit() method which invokes
  /usr/bin/kinit as a subprocess

* Add login_password class for WSGI dispatch, accepts POST
  application/x-www-form-urlencoded user & password
  parameters. We form the Kerberos principal from the server's
  realm.

* Add function  krb5_unparse_ccache()

* Refactor code to share common code

* Clean up use of ccache names, be consistent

* Replace read_krbccache_file(), store_krbccache_file(), delete_krbccache_file()
  with load_ccache_data(), bind_ipa_ccache(), release_ipa_ccache().
  bind_ipa_ccache() now sets environment KRB5CCNAME variable.
  release_ipa_ccache() now clears environment KRB5CCNAME variable.

* ccache names should now support any ccache storage scheme,
  not just FILE based ccaches

* Add utilies to return HTTP status from wsgi handlers,
  use constants for HTTP status code for consistency.
  Use utilies for returning from wsgi handlers rather than
  duplicated code.

* Add KerberosSession.finalize_kerberos_acquisition() method
  so different login handlers can share common code.

* add Requires: krb5-workstation to server (server now calls kinit)

* Fix test_rpcserver.py to use new dispatch inside route() method

https://fedorahosted.org/freeipa/ticket/2095
2012-02-27 05:57:43 -05:00
..
conf
Implement password based session login
2012-02-27 05:57:43 -05:00
html
Fixed inconsistent image names.
2011-10-27 14:05:12 +00:00
migration
ticket 2022 - modify codebase to utilize IPALogManager, obsoletes logging
2011-11-23 09:36:18 +01:00
po
update translation pot file
2012-02-21 17:19:20 -05:00
share
Tweak the session auth to reflect developer consensus.
2012-02-27 05:54:29 -05:00
tools
Sanitize UDP checks in conncheck
2012-02-26 18:08:59 -05:00
ui
Implement password based session login
2012-02-27 05:57:43 -05:00
updates
Global DNS options
2012-02-24 09:40:40 +01:00
configure.ac
Fixed inconsistent image names.
2011-10-27 14:05:12 +00:00
Makefile.am
rename static to ui
2011-01-20 14:12:47 +00:00
README.schema
Add some basic rules for adding new schema
2010-08-27 13:40:37 -04:00

README.schema 

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These simply get copied directly into
the new instance schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is if 389-ds ever adds the schema then the
installation won't fail due to existing schema failing to load during
bootstrap.

If the new schema requires a new container then this should be added
to install/bootstrap-template.ldif.