freeipa/install/share
Rob Crittenden 109b79a7ac Change the way has_keytab is determined, also check for password.
We need an indicator to see if a keytab has been set on host and
service entries. We also need a way to know if a one-time password is
set on a host.

This adds an ACI that grants search on userPassword and
krbPrincipalKey so we can do an existence search on them. This way
we can tell if the attribute is set and create a fake attribute
accordingly.

When a userPassword is set on a host a keytab is generated against
that password so we always set has_keytab to False if a password
exists. This is fine because when keytab gets generated for the
host the password is removed (hence one-time).

This adds has_keytab/has_password to the user, host and service plugins.

ticket https://fedorahosted.org/freeipa/ticket/1538
2011-08-24 14:12:01 +02:00
..
05rfc2247.ldif Incorporate new schema for IPAv2 2009-02-11 17:13:41 -05:00
60basev2.ldif Fix ORDERING in some attributetypes and remove other unnecessary elements. 2011-04-05 21:46:32 -04:00
60ipaconfig.ldif Make ipaDefaultLoginShell use IA5String syntax to match POSIX schema. 2011-01-11 10:21:04 -05:00
60ipasudo.ldif Rename 60sudo.ldif to 60ipasudo.ldif to not overwrite the 389-ds version. 2010-11-09 13:30:45 -05:00
60kerberos.ldif Add support for account unlocking 2011-01-28 10:23:02 -05:00
60policyv2.ldif Re-number some attributes to compress our usage to be contiguous 2010-05-27 10:50:49 -04:00
60samba.ldif Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
anonymous-vlv.ldif Let anonymous users browse the VLV index 2009-07-10 16:45:45 -04:00
bind.named.conf.template Allow recursion by default 2011-06-27 23:14:16 -04:00
bind.zone.db.template Add new DNS install argument for setting the zone mgr e-mail addr. 2010-09-23 12:00:12 -04:00
bootstrap-template.ldif The default groups we create should have ipaUniqueId set 2011-04-15 13:02:17 +02:00
caJarSigningCert.cfg.template Add signing profile to CA installation so we can sign the firefox jar file. 2009-05-04 16:54:42 -04:00
certmap.conf.template Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
default-aci.ldif Change the way has_keytab is determined, also check for password. 2011-08-24 14:12:01 +02:00
default-hbac.ldif UUIDs: remove uuid python plugin and let DS always autogenerate 2010-10-28 07:58:31 -04:00
default-keytypes.ldif pwd-plugin: Always use a special salt by default. 2010-10-28 17:18:03 -04:00
default-pwpolicy.ldif Updated default Kerberos password policy 2011-02-16 22:28:08 -05:00
delegation.ldif Disallow direct modifications to enrolledBy. 2011-07-14 19:11:49 -04:00
dna.ldif id ranges: change DNA configuration 2010-11-22 12:42:16 -05:00
dns.ldif Rename permissions and privileges to be more readable. 2011-01-31 13:17:38 -05:00
ds-nfiles.ldif Autotune directory server to use a greater number of files 2010-11-22 12:42:16 -05:00
encrypted_attribute.ldif Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
entryusn.ldif Address entryusn initialization on replica installation 2011-01-28 13:58:43 -05:00
fedora-ds.init.patch Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
host_nis_groups.ldif Configure Managed Entries on replicas. 2011-05-25 16:39:27 -04:00
indices.ldif Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
kdc_extensions.template Add support for configuring KDC certs for PKINIT 2010-11-18 15:09:36 -05:00
kdc_req.conf.template Add support for configuring KDC certs for PKINIT 2010-11-18 15:09:36 -05:00
kdc.conf.template Restrict anonymous tgts 2011-01-12 17:20:09 -05:00
kerberos.ldif Put some safeguards against misconfiguration on the kdc account 2011-01-28 13:55:57 -05:00
key_escrow_schema.ldif Re-number some attributes to compress our usage to be contiguous 2010-05-27 10:50:49 -04:00
krb5.conf.template Remove redundant configuration values from krb5.conf. 2011-06-28 01:10:06 -04:00
krb5.ini.template Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
krb.con.template Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
krbrealm.con.template Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
ldapi.ldif Enable ldapi connections in the management framework. 2009-08-27 13:36:58 -04:00
Makefile.am Create default disabled sudo bind user 2011-02-23 15:32:24 -05:00
master-entry.ldif Use nsContainer and not extensibleObject for masters entries 2010-12-15 10:58:03 -05:00
memberof-conf.ldif Display user and host membership in netgroups. 2010-11-24 08:38:41 -05:00
memberof-task.ldif Wait for memberof task and DS to start before proceeding in installation. 2011-04-22 11:43:50 +02:00
modrdn-krbprinc.ldif Set the ipa-modrdn plugin precedence to 60 so it runs last 2011-07-17 22:24:30 -04:00
nis.uldif drop the group.upg NIS map 2011-02-14 11:35:03 -05:00
preferences.html.template Fixed browser configuration pages 2011-08-17 17:28:25 +00:00
referint-conf.ldif Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
replica-acis.ldif Fix replica setup using replication admin kerberos credentials 2011-03-01 11:02:55 -05:00
root-autobind.ldif Remove root autobind search restriction, fix upgrade logging & error handling. 2011-06-13 09:51:05 +02:00
schema_compat.uldif Move sudo related data all under cn=sudo 2011-01-17 11:46:45 -05:00
sudobind.ldif Create default disabled sudo bind user 2011-02-23 15:32:24 -05:00
unique-attributes.ldif Fixed cn attribute in ipaUniqueID uniqueness config. 2011-02-16 19:38:18 -05:00
user_private_groups.ldif Configure Managed Entries on replicas. 2011-05-25 16:39:27 -04:00
uuid-ipauniqueid.ldif UUIDs: remove uuid python plugin and let DS always autogenerate 2010-10-28 07:58:31 -04:00
wsgi.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00