[Pki-devel] [PATCH] patches for authz realm and fixing output on request rejection

Ade Lee alee at redhat.com
Mon May 9 19:18:04 UTC 2016 

Patch descriptions .. in reverse order.

Note that the CA setup for authz is further documented at 
pki.fedoraproject.org/wiki/Kra_authz_realm , where I have added a
section on 'CA Configuration".

Thanks, 
Ade

****************************************************************
commit ad1fcecc2f36cc1ebc1f13efe3df9d1e138224b7
Author: Ade Lee <alee at redhat.com>
Date:   Mon May 9 15:00:20 2016 -0400

    Add authz realm check for cert enrollment
    
    Ticket 2041

commit b5232ce101083409ed9a86e9057620cca7288f62
Author: Ade Lee <alee at redhat.com>
Date:   Sat May 7 00:06:08 2016 -0400

    Fix error output when request is rejected
    
    With this fix, error messages are returned to the user when
    a request is rejected - either in the UI or from the pki CLI.
    
    Trac Ticket 1247 (amongst others)

commit 82d18a99103de1fa749b077cfccec5ff65ceb4a5
Author: Ade Lee <alee at redhat.com>
Date:   Wed May 4 18:25:51 2016 -0400

    Add realm to requests coming in from CA
    
    Requests to the KRA through the CA-KRA connector use the Enrollment
    Service.  This has been modified to read and store any realm passed in.
    The realm can be added to the request by havibg the admin add
    a AuthzRealmDefault and AuthzRealmConstraint in a profile.
    
    At this point, all the constraint does is verify that the realm is
    one of a specified list of realms.  More verification will be added
    in a subsequent patch.
    
    No attempt is made yet to allow users to specify the realm.  This
    would need to be added as a ProfileInput.
    
    Part of Ticket 2041
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0299-Add-realm-to-requests-coming-in-from-CA.patch
Type: text/x-patch
Size: 28884 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160509/cdb21172/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0300-Fix-error-output-when-request-is-rejected.patch
Type: text/x-patch
Size: 13537 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160509/cdb21172/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0301-Add-authz-realm-check-for-cert-enrollment.patch
Type: text/x-patch
Size: 2497 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160509/cdb21172/attachment-0002.bin>

More information about the Pki-devel mailing list