[Freeipa-devel] [PATCH] Add DRM to IPA

Rob Crittenden rcritten at redhat.com
Mon Apr 7 18:58:03 UTC 2014

Dmitri Pal wrote:
> On 04/04/2014 02:50 PM, Ade Lee wrote:
>>      This patch adds the capability of installing a Dogtag DRM
>>      to an IPA instance.  With this patch, when ipa-server-install
>>      is run, a Dogtag CA and a Dogtag DRM are created.  The DRM
>>      shares the same tomcat instance and DS instance as the Dogtag CA.
>>      Moreover, the same admin user/agent (and agent cert) can be used
>>      for both subsystems.  Certmonger is also configured to monitor the
>>      new subsystem certificates.
>>      It is also possible to clone the DRM.  When the IPA instance is
>>      cloned, if --enable-ca and --enable-drm are specified, the DRM
>>      is cloned as well.
>>      Installing a DRM requires the user to have a Dogtag CA instance.
>>      We can look into possibly relaxing that requirement in a later patch.
>>      I am still working on patches for an ipa-drm-install script, which
>>      would be used to add a DRM to an existing master (that includes
>>      a dogtag CA), or an existing clone.
>>     Please review,
>>     Thanks,
>>     Ade
> Any takers?

I'm going to look at it. Ade has provided a COPR build of the dogtag 
bits we'll need at 

