[pki-devel] [PATCH] 0074-Add-ability-to-disallow-TPS-to-enroll-a-single-user-.patch
by John Magne
Add ability to disallow TPS to enroll a single user on multiple tokens.
This patch will install a check during the early portion of the enrollment
process check a configurable policy whether or not a user should be allowed
to have more that one active token.
This check will take place only for brand new tokens not seen before.
The check will prevent the enrollment to proceed and will exit before the system
has a chance to add this new token to the TPS tokendb.
The behavior will be configurable for the the external reg and not external reg scenarios
as follows:
op.enroll.nonExternalReg.allowMultiActiveTokensUser=false
op.enroll.externalReg.allowMultiActiveTokensUser=false
7 years, 9 months
[PATCH] Separate PKI Instances versus Shared PKI Instances
by Matthew Harmsen
Please review the attached patch which addresses the following ticket:
* PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate
description for shared vs non shared tomcat instance installation
<https://fedorahosted.org/pki/ticket/1607>
This ticket adds text to the pkispawn.8 man page to more adequately
describe the differences between
separated PKI instances and shared PKI instances including increasing
the verbosity of the two examples
related to these two deployment alternatives.
7 years, 9 months
[PATCH] 778 Fixed KRA cloning issue.
by Endi Sukma Dewata
The pki pkcs12-import CLI has been modified not to import
certificates that already exist in the NSS database unless
specifically requested with the --overwrite parameter. This
will avoid changing the trust flags of the CA signing
certificate during KRA cloning.
The some other classes have been modified to provide better
debugging information.
https://fedorahosted.org/pki/ticket/2374
--
Endi S. Dewata
7 years, 9 months