Tree - rpms/ipa - CentOS Git server

rpms / ipa

Blame SOURCES/0027-Allow-PKINIT-to-be-enabled-when-updating-from-a-pre-.patch

Blob History Raw

		eb7a78	`From 12124fcb8c908d208d8863c00cf19a511bd54d1c Mon Sep 17 00:00:00 2001`
		eb7a78	`From: Antonio Torres <antorres@redhat.com>`
		eb7a78	`Date: Fri, 11 Jun 2021 14:00:08 +0200`
		eb7a78	`Subject: [PATCH] Allow PKINIT to be enabled when updating from a pre-PKINIT`
		eb7a78	`IPA CA server`
		eb7a78
		eb7a78	`When upgrading from a server with IPA CA before PKINIT was introduced`
		eb7a78	`(4.5), PKINIT would not be enabled and there wasn't any way to enable it`
		eb7a78	`since upgrade code only issues self-signed certificates when`
		eb7a78	`certificates are missing. With these change there is a way to enable`
		eb7a78	`PKINIT when coming from a IPA server with a pre-PKINIT version (4.4 and`
		eb7a78	`before).`
		eb7a78
		eb7a78	`Fixes: https://pagure.io/freeipa/issue/8532`
		eb7a78	`Signed-off-by: Antonio Torres <antorres@redhat.com>`
		eb7a78	`Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>`
		eb7a78	`---`
		eb7a78	`ipaserver/install/ipa_pkinit_manage.py \| 2 ++`
		eb7a78	`1 file changed, 2 insertions(+)`
		eb7a78
		eb7a78	`diff --git a/ipaserver/install/ipa_pkinit_manage.py b/ipaserver/install/ipa_pkinit_manage.py`
		eb7a78	`index 86bd1baf00178a629864b210ca9f4786668149df..bf5875d4f3f35465e6a9ff708d19c25bc3f95063 100644`
		eb7a78	`--- a/ipaserver/install/ipa_pkinit_manage.py`
		eb7a78	`+++ b/ipaserver/install/ipa_pkinit_manage.py`
		eb7a78	`@@ -78,6 +78,8 @@ class PKINITManage(AdminTool):`
		eb7a78	`krb.enable_ssl()`
		eb7a78
		eb7a78	`if setup_pkinit:`
		eb7a78	`+ if not is_pkinit_enabled():`
		eb7a78	`+ krb.setup_pkinit()`
		eb7a78	`krb.pkinit_enable()`
		eb7a78	`else:`
		eb7a78	`krb.pkinit_disable()`
		eb7a78	`--`
		eb7a78	`2.26.3`
		eb7a78

rpms / ipa

Source Code

Blame SOURCES/0027-Allow-PKINIT-to-be-enabled-when-updating-from-a-pre-.patch