[Freeipa-devel] [PATCH] fix up replica creation and installation

Rob Crittenden rcritten at redhat.com
Tue Feb 5 15:57:14 UTC 2008


I've made fairly major changes to the way replication is handled.

The first is to use a file to store the current CA serial number. I could 
have stored it in LDAP; others are free to add this if they like, but a 
file is good enough for now.

No longer create a PKCS#12 file that contains the CA. This is a 
self-signed cert after all, no need to walk on eggshells.

No longer send the entire CA to each replica; generate the SSL certs on 
the master. This is what drove storing the serial number. We used to send 
the entire CA to each replica so it could be used to generate the SSL certs 
needed. This resulted in duplicate serial numbers and the CA everywhere. 
Instead I changed ipa-replica-prepare to take a FQDN and we generate the 
certificates in advance.

Fix a number of bugs in ipa-replica-install and prepare

Produce status output during replica creation

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-629-replica.patch
Type: text/x-patch
Size: 17478 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080205/b221cc09/attachment.bin>
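
The serial-number problem described in the message, as an added illustration that is not code from the attached patch or from FreeIPA: a file-backed counter on the master hands out one serial per replica FQDN, while per-replica copies of the CA state repeat the same serial. The file name, function names and host names are assumptions made up for this example.

```python
import fcntl
import os
import tempfile

def next_serial(path):
    """Allocate the next serial from a counter file under an exclusive lock."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    with os.fdopen(fd, "r+") as f:
        fcntl.flock(f, fcntl.LOCK_EX)  # one issuer at a time
        text = f.read().strip()
        serial = int(text) + 1 if text else 1
        f.seek(0)
        f.truncate()
        f.write(f"{serial}\n")
        f.flush()
        os.fsync(f.fileno())  # persist the counter before the cert is signed
        return serial

def issue_on_master(serial_file, fqdns):
    """Model from the message: master issues for each FQDN in advance."""
    return {fqdn: next_serial(serial_file) for fqdn in fqdns}

def issue_on_replicas(master_serial, fqdns):
    """Earlier model: each replica holds its own copy of the CA state."""
    issued = {}
    for fqdn in fqdns:
        fd, copy = tempfile.mkstemp()
        with os.fdopen(fd, "w") as f:
            f.write(f"{master_serial}\n")
        issued[fqdn] = next_serial(copy)  # every copy starts from the same value
        os.unlink(copy)
    return issued

def duplicates(issued):
    """Return serials assigned to more than one host."""
    serials = list(issued.values())
    return sorted({s for s in serials if serials.count(s) > 1})

def demo():
    fqdns = ["replica1.example.com", "replica2.example.com"]  # constructed
    serial_file = os.path.join(tempfile.mkdtemp(), "ca_serialno")  # hypothetical name
    with open(serial_file, "w") as f:
        f.write("1000\n")
    return issue_on_replicas(1000, fqdns), issue_on_master(serial_file, fqdns)

if __name__ == "__main__":
    old, new = demo()
    print("replica-issued:", old, "duplicates:", duplicates(old))
    print("master-issued: ", new, "duplicates:", duplicates(new))
```
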