[freeipa PR#2248][opened] Fix ipa-restore: create /var/run/ipa files
by flo-renaud
URL: https://github.com/freeipa/freeipa/pull/2248
Author: flo-renaud
Title: #2248: Fix ipa-restore: create /var/run/ipa files
Action: opened
PR body:
"""
In ipa 4.5.4, ipa-restore fails because the file /etc/tmpfiles.d/ipa.conf
is not restored => /var/run/ipa and /var/run/ipa/ccaches directories
are not created.
The fix creates these directories in ipa-restore and creates ipa.conf.
With this approach, the fix allows to restore a backup done with 4.5.4
prior to the fix.
Note: the fix is specific to ipa-4-5, in ipa-4-6 and above version the file
/etc/tmpfiles.d/ipa.conf is created at package install time and not at
ipa server install time.
Fixes: https://pagure.io/freeipa/issue/7571
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2248/head:pr2248
git checkout pr2248
5 years, 8 months
[freeipa PR#2228][opened] do not use RC4 in FIPS mode
by abbra
URL: https://github.com/freeipa/freeipa/pull/2228
Author: abbra
Title: #2228: do not use RC4 in FIPS mode
Action: opened
PR body:
"""
ipasam: do not use RC4 in FIPS mode
When creating Kerberos keys for trusted domain object account, ipasam
module requests to generate keys using a series of well-known encryption
types. In FIPS mode it is not possible to generate RC4-HMAC key:
MIT Kerberos is using openssl crypto backend and openssl does not allow
use of RC4 in FIPS mode.
Thus, we have to filter out RC4-HMAC encryption type when running in
FIPS mode. A side-effect is that a trust to Active Directory running
with Windows Server 2003 will not be possible anymore in FIPS mode.
Resolves: https://pagure.io/freeipa/issue/7659
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2228/head:pr2228
git checkout pr2228
5 years, 8 months