[Freeipa-devel] [PATCH] Add DRM to IPA
Rob Crittenden
rcritten at redhat.com
Mon Apr 7 18:58:03 UTC 2014
Dmitri Pal wrote:
> On 04/04/2014 02:50 PM, Ade Lee wrote:
>> This patch adds the capability of installing a Dogtag DRM
>> to an IPA instance. With this patch, when ipa-server-install
>> is run, a Dogtag CA and a Dogtag DRM are created. The DRM
>> shares the same tomcat instance and DS instance as the Dogtag CA.
>> Moreover, the same admin user/agent (and agent cert) can be used
>> for both subsystems. Certmonger is also configured to monitor the
>> new subsystem certificates.
>>
>> It is also possible to clone the DRM. When the IPA instance is
>> cloned, if --enable-ca and --enable-drm are specified, the DRM
>> is cloned as well.
>>
>> Installing a DRM requires the user to have a Dogtag CA instance.
>> We can look into possibly relaxing that requirement in a later patch.
>>
>> I am still working on patches for an ipa-drm-install script, which
>> would be used to add a DRM to an existing master (that includes
>> a dogtag CA), or an existing clone.
>>
>> Please review,
>>
>> Thanks,
>> Ade
>>
>
>
> Any takers?
I'm going to look at it. Ade has provided a COPR build of the dogtag
bits we'll need at
http://copr.fedoraproject.org/coprs/vakwetu/dogtag/repo/fedora-20-x86_64/
rob