mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
f1ed123cad
IPA client and server tool set used authconfig acutil module to for client DNS operations. This is not optimal DNS interface for several reasons: - does not provide native Python object oriented interface but but rather C-like interface based on functions and structures which is not easy to use and extend - acutil is not meant to be used by third parties besides authconfig and thus can break without notice Replace the acutil with python-dns package which has a feature rich interface for dealing with all different aspects of DNS including DNSSEC. The main target of this patch is to replace all uses of acutil DNS library with a use python-dns. In most cases, even though the larger parts of the code are changed, the actual functionality is changed only in the following cases: - redundant DNS checks were removed from verify_fqdn function in installutils to make the whole DNS check simpler and less error-prone. Logging was improves for the remaining checks - improved logging for ipa-client-install DNS discovery https://fedorahosted.org/freeipa/ticket/2730 https://fedorahosted.org/freeipa/ticket/1837
-
-
Code to be installed on any client that wants to be in an IPA domain. Mostly consists of a tool for Linux systems that will help configure the client so it will work properly in a kerberized environment. It also includes several ways to configure Firefox to do single sign-on. The two methods on the client side are: 1. globalsetup.sh. This modifies the global Firefox installation so that any profiles created will be pre-configured. 2. usersetup.sh. This will update a user's existing profile. The downside of #1 is that an rpm -V will return a failure. It will also need to be run with every update of Firefox. One a profile contains the proper preferences it will be unaffected by upgrades to Firefox. The downside of #2 is that every user would need to run this each time they create a new profile. There is a third, server-side method. See ipa-server/README for details.