[Freeipa-devel] [freeipa PR#517][comment] Use Custodia 0.3 features

Wed Mar 22 11:50:33 UTC 2017

  URL: https://github.com/freeipa/freeipa/pull/517
Title: #517: Use Custodia 0.3 features

MartinBasti commented:
"""
Replica logs^

Master logs:

```
Mar 21 15:46:03 vm-126.abc.idm.lab.eng.brq.redhat.com systemd[1]: Stopping IPA Custodia Service...
Mar 21 15:46:03 vm-126.abc.idm.lab.eng.brq.redhat.com systemd[1]: Stopped IPA Custodia Service.
Mar 22 10:18:10 vm-126.abc.idm.lab.eng.brq.redhat.com systemd[1]: Starting IPA Custodia Service...
Mar 22 10:18:10 vm-126.abc.idm.lab.eng.brq.redhat.com ipa-custodia[83008]: 2017-03-22 10:18:10 - server                           - Serving on Unix socket /ru
Mar 22 10:18:10 vm-126.abc.idm.lab.eng.brq.redhat.com systemd[1]: Started IPA Custodia Service.
Mar 22 10:41:44 vm-126.abc.idm.lab.eng.brq.redhat.com ipa-custodia[83008]: 2017-03-22 10:41:44 - SimpleCredsAuth-[auth:simple]    - PASS: '83694' authenticate
Mar 22 10:41:44 vm-126.abc.idm.lab.eng.brq.redhat.com ipa-custodia[83008]: 2017-03-22 10:41:44 - SimpleHeaderAuth-[auth:header]   - PASS: '83694' authenticate
Mar 22 10:41:44 vm-126.abc.idm.lab.eng.brq.redhat.com ipa-custodia[83008]: 2017-03-22 10:41:44 - IPAKEMKeys-[authz:kemkeys]       - PASS: '83694' authorized f
Mar 22 10:41:44 vm-126.abc.idm.lab.eng.brq.redhat.com ipa-custodia[83008]: 2017-03-22 10:41:44 - Secrets-[/keys]                  - DENIED: '(null)' requested
Mar 22 10:41:44 vm-126.abc.idm.lab.eng.brq.redhat.com ipa-custodia[83008]: 2017-03-22 10:41:44 - server                           - code 406, message Key name
Mar 22 10:41:44 vm-126.abc.idm.lab.eng.brq.redhat.com ipa-custodia[83008]: 127.0.0.1 - - [22/Mar/2017 10:41:44] "GET /keys/ca/caSigningCert%20cert-pki-ca?type
~
```

audit.log
```
2017-03-22 10:41:44 - SimpleCredsAuth-[auth:simple]    - PASS: '83694' authenticated as '48, 48'
2017-03-22 10:41:44 - SimpleHeaderAuth-[auth:header]   - PASS: '83694' authenticated as '(null)'
2017-03-22 10:41:44 - IPAKEMKeys-[authz:kemkeys]       - PASS: '83694' authorized for '/keys'
2017-03-22 10:41:44 - Secrets-[/keys]                  - DENIED: '(null)' requested key 'ca/caSigningCert%20cert-pki-ca'
```

"""

See the full comment at https://github.com/freeipa/freeipa/pull/517#issuecomment-288375592