freeipa/install/share/custodia.conf.template
Jan Cholasta a1f260d021 ipapython: move dnssec, p11helper and secrets to ipaserver
The dnssec and secrets subpackages and the p11helper module depend on
ipaplatform.

Move them to ipaserver as they are used only on the server.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00

29 lines
591 B
Plaintext

[global]
server_version = "IPAKeys/0.0.1"
server_socket = $IPA_CUSTODIA_SOCKET
auditlog = $IPA_CUSTODIA_AUDIT_LOG
[auth:simple]
handler = custodia.httpd.authenticators.SimpleCredsAuth
uid = $UID
gid = $GID
[auth:header]
handler = custodia.httpd.authenticators.SimpleHeaderAuth
header = GSS_NAME
[authz:kemkeys]
handler = ipaserver.secrets.kem.IPAKEMKeys
paths = /keys
store = ipa
server_keys = $IPA_CUSTODIA_CONF_DIR/server.keys
[store:ipa]
handler = ipaserver.secrets.store.IPASecStore
ldap_uri = $LDAP_URI
[/keys]
handler = custodia.secrets.Secrets
allowed_keytypes = kem
store = ipa