mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
fb58b76a80
Some certificates may have started renewal so returning to present time can bind the server up with trying to renew. certmonger fires off helpers when it's time to renew certificates. This scenario puts the time within the renewal window. If certmonger notices while the test is running it will kick off renewal for all 12 certificates. A lock is used to serialize things. The CA was shut down prior to changing time so there is no chance of issuing new certs. A fixture was used to ensure that things restarted when the test was over. This was for chronyd and the CA. By restarting the CA we allow the chance that it will be able to do some work, versus returning a connection error and letting certmonger just error out (CA_UNREACHABLE). During uninstallation we call certmonger remove_request over DBus (the equivalent to stop-tracking). As part of this certmonger waits for any child (helper) processes to go away. This used to do it via SIGKILL but that caused other problems so it was changed to waitpid(). We know that it isn't going to return for a while because the CA isn't up. DBus has a hardcoded 25 second timeout. So we're guaranteed to get a DBus timeout. We *could* try to play with it and change the timeout, or retry a bunch of times, but it isn't worth the hassle. This is a contrived scenario that uninstalls immediately after tweaking time forward. So rather than trying to make this succesful, uninstall at the future time with the CA stopped so that helpers won't be hanging around and certmonger can remove the certs. This is the last test so also the last time we need the replica so to avoid replication bogging things down remove that prior to executing the test. It's one less moving part during the uninstall phase. https://pagure.io/freeipa/issue/8506 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> |
||
|---|---|---|
| .copr | ||
| .github | ||
| asn1 | ||
| client | ||
| contrib | ||
| daemons | ||
| doc | ||
| init | ||
| install | ||
| ipaclient | ||
| ipalib | ||
| ipaplatform | ||
| ipapython | ||
| ipaserver | ||
| ipasphinx | ||
| ipatests | ||
| po | ||
| pypi | ||
| selinux | ||
| util | ||
| .freeipa-pr-ci.yaml | ||
| .git-commit-template | ||
| .gitignore | ||
| .lgtm.yml | ||
| .mailmap | ||
| .tox-install.sh | ||
| .wheelconstraints.in | ||
| ACI.txt | ||
| API.txt | ||
| autogen.sh | ||
| BUILD.txt | ||
| CODE_OF_CONDUCT.md | ||
| configure.ac | ||
| Contributors.txt | ||
| COPYING | ||
| COPYING.openssl | ||
| freeipa.doap.rdf | ||
| freeipa.spec.in | ||
| ipa.in | ||
| ipasetup.py.in | ||
| make-doc | ||
| make-test | ||
| makeaci.in | ||
| makeapi.in | ||
| Makefile.am | ||
| Makefile.python.am | ||
| Makefile.pythonscripts.am | ||
| makerpms.sh | ||
| pylint_plugins.py | ||
| pylintrc | ||
| README.md | ||
| server.m4 | ||
| tox.ini | ||
| VERSION.m4 | ||
FreeIPA Server
FreeIPA allows Linux administrators to centrally manage identity, authentication and access control aspects of Linux and UNIX systems by providing simple to install and use command line and web based management tools.
FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.
FreeIPA can seamlessly integrate into an Active Directory environment via cross-realm Kerberos trust or user synchronization.
Benefits
FreeIPA:
- Allows all your users to access all the machines with the same credentials and security settings
- Allows users to access personal files transparently from any machine in an authenticated and secure way
- Uses an advanced grouping mechanism to restrict network access to services and files only to specific users
- Allows central management of security mechanisms like passwords, SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
- Enables delegation of selected administrative tasks to other power users
- Integrates into Active Directory environments
Components
The FreeIPA project provides unified installation and management tools for the following components:
- LDAP Server - based on the 389 project
- KDC - based on MIT Kerberos implementation
- PKI based on Dogtag project
- Samba libraries for Active Directory integration
- DNS Server based on BIND and the Bind-DynDB-LDAP plugin
Project Website
Releases, announcements and other information can be found on the IPA server project page at http://www.freeipa.org/ .
Documentation
The most up-to-date documentation can be found at http://freeipa.org/page/Documentation .
Quick Start
To get started quickly, start here: http://www.freeipa.org/page/Quick_Start_Guide
For developers
- Building FreeIPA from source
- http://www.freeipa.org/page/Build
- See the BUILD.txt file in the source root directory
Licensing
Please see the file called COPYING.
Contacts
- If you want to be informed about new code releases, bug fixes, security fixes, general news and information about the IPA server subscribe to the freeipa-announce mailing list at https://www.redhat.com/mailman/listinfo/freeipa-interest/ .
- If you have a bug report please submit it at: https://pagure.io/freeipa/issues
- If you want to participate in actively developing IPA please subscribe to the freeipa-devel mailing list at https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/ or join us in IRC at irc://irc.freenode.net/freeipa