[pki-devel][PATCH] 0069-Show-KeyOwner-info-when-viewing-recovery-requests.patch
by John Magne
Show KeyOwner info when viewing recovery requests.
This simple fix will grab the subject info out of the cert
associated with either pending or complete recovery requests being
viewed in the KRA UI.
For example:
KeyOwner: UID=jmagne, O=Token Key User
Will be displayed.
Have seen this display for both pending and completed recovery requests.
This simple fix should be good enough for this round, despite the bug
asking about agent info and such. Those enhancements are for later.
Ticket : Ticket #1512 : Key owner info missing from the Search results of Recovery request
7 years, 10 months
[PATCH] 321 - fix for ticket 1717
by Ade Lee
commit 2d92a69d7f211eabc1c59714036ef1aba4fc1fd4
Author: Ade Lee <alee(a)redhat.com>
Date: Thu Jun 2 12:20:20 2016 -0400
Add option to modify ajp_host to pkispawn
This allows IPA to handle the case of a pure ipv6
environment in which the ipv4 loopback interface is
not available.
Ticket 1717
7 years, 10 months
[PATCH] 320 - pki-server db changes
by Ade Lee
commit 9450b5f7695cc827cced6e86281694daa1e5c2c8
Author: Ade Lee <alee(a)redhat.com>
Date: Thu Jun 2 09:41:35 2016 -0400
Add commands to db-server to help with DB related changes
Added pki-server kra-db-vlv-add, kra-db-vlv-del, kra-db-vlv-reindex
Added pki-server db-schema-upgrade
If the admin has the directory manager (or equivalent) simple creds,
then they can enter them as parameters and perform the operations.
Otherwise, they can specify --generate-ldif to generate LDIF files
containing the changes that need to be implemented, and implement
them using GSSAPI or otherwise.
Tickets 2320, 2319
Please review,
Thanks,
Ade
7 years, 10 months
[PATCH] 315-319 KRA realm related patches
by Ade Lee
Patch descriptions (in reverse order).
The final patch will need some discussion. Please review,
Ade
***********************************************
commit 4a1fb1e678d0024d9ee51fcda0d83f74f1715f4b
Author: Ade Lee <alee(a)redhat.com>
Date: Thu Jun 2 09:41:35 2016 -0400
Modify pki-server db-upgrade to do realm related upgrades
Tickets 2320, 2319
commit ed3e2da4c598bf4cec89bec8e20a23ab6d82013c
Author: Ade Lee <alee(a)redhat.com>
Date: Fri May 27 14:01:59 2016 -0400
New VLV indexes for KRA including realm
commit 1a2947fed2f7cd2cc32fa810ab77d64bf3acb821
Author: Ade Lee <alee(a)redhat.com>
Date: Thu May 26 00:48:39 2016 -0400
Fix legacy servlets to check realm when requesting recovery
commit 483f9b2066110c3b8d4598e3afe1a9508bddbbb7
Author: Ade Lee <alee(a)redhat.com>
Date: Wed May 25 18:53:22 2016 -0400
Change legacy requests servlet to check realm
The legacy KRA servlet has been modified to check the realm
if present in the request, or only return non-realm requests
if not present.
No attempt is made to fix the error reporting of the servlet.
As such, an authz failure due to the realm check is handled
in the same way that other authz failures are handled.
commit 6c52845955315ca8842290d41c826c26aa037eb3
Author: Ade Lee <alee(a)redhat.com>
Date: Wed May 25 18:10:59 2016 -0400
Fix old KRA servlets to check realm
The old KRA servlets to list and display keys do not go through
the same code paths as the REST API. Therefore, they do not
check the authz realm.
This patch adds the relevant code. No attempt is made to fix the
error handling of the old servlets. The long-term solution for this
is to deprecate the old servlets and make the UI use the REST API
instead. Therefore, authz failures due to realm checks are handled
in the same way as other authz changes.
7 years, 10 months
[PATCH] 0120..0121 Remove pki-ipa-retrieve-key script
by Fraser Tweedale
G'day comrades,
Please review the attached two patches, which...
(Patch 0120)
- provide for passing of configuration (from CS.cfg) to KeyRetriever
implementations
- generalise IPACustodiaKeyRetriever to ExternalProcessKeyRetriever,
which executes a configured executable rather than a hardcoded one
(Patch 0121)
- remove pki-ipa-retrieve-key script; it is being moved to FreeIPA
repo
Cheers,
Fraser
7 years, 10 months
[PATCH] Certificate Nickname Improvement
by Matthew Harmsen
Please review the attached patch which addresses the following ticket:
* PKI TRAC Ticket #1432 - Certificate nickname improvement
<https://fedorahosted.org/pki/ticket/432>
This was tested by successfully:
* creating a shared PKI instance containing a CA, KRA, OCSP, TKS, and TPS,
* creating a separated CA,
* creating a separated KRA,
* creating a separated OCSP,
* creating a separated TKS,
* creating a separated TPS, and
* installing a FreeIPA instance
Detailed contents of the nicknames as they appear in the NSS security
databases of both the shared PKI instance as well as each of the
separated PKI instances are detailed in the above ticket.
7 years, 10 months