Bug 1449523
| Summary: | Provide an API command to retrieve PKINIT status in the FreeIPA topology | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Petr Vobornik <pvoborni> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Scott Poore <spoore> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.4 | CC: | ksiddiqu, mbabinsk, pvoborni, rcritten, tscherf |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.5.0-14.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-01 09:50:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description
Petr Vobornik
2017-05-10 08:31:25 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/6937

Fixed upstream

ipa-4-5:
https://pagure.io/freeipa/c/c4aa3a17694b1ad8f9c60c98a95d217c01fc736c
https://pagure.io/freeipa/c/753f8cf3aff07d22b35005b973e8518665d1fe6f
https://pagure.io/freeipa/c/fbccb748a1c85b7ed67946ba7a11a960b839bcc9
https://pagure.io/freeipa/c/733cef9d5b0ae83127893ffff71689939902d257
https://pagure.io/freeipa/c/6b815aae7174693b4952f2c60e7201d99e7b9684
https://pagure.io/freeipa/c/4fa29a33765cb5d6ce86846f37766e5d3322f25f

master:
https://pagure.io/freeipa/c/bddb90f38a3505a2768862d2f814c5e749a7dcde
https://pagure.io/freeipa/c/cac7e49daa04e838650548cc9162b8f117dc55b3
https://pagure.io/freeipa/c/d8bb23ac389929f28c584602e592b821e4c6ef9a
https://pagure.io/freeipa/c/f80553208e8d9f3df422f5be8e1cafa511e1b2c4
https://pagure.io/freeipa/c/99352731b4b4bdcedfe6668ce71c1d67720ac4af
https://pagure.io/freeipa/c/58fd229a1dbb3f00a591de9417f36197141e26d7

Verified.

Version ::

ipa-server-4.5.0-14.el7.x86_64

Results ::

```
[root@vm1 ~]# ipa help pkinit
Kerberos PKINIT feature status reporting tools.

Report IPA masters on which Kerberos PKINIT is enabled or disabled

EXAMPLES:
 List PKINIT status on all masters:
   ipa pkinit-status

 Check PKINIT status on `ipa.example.com`:
   ipa pkinit-status --server ipa.example.com

 List all IPA masters with disabled PKINIT:
   ipa pkinit-status --status='disabled'

For more info about PKINIT support see:

https://www.freeipa.org/page/V4/Kerberos_PKINIT

Topic commands:
  pkinit-status  Report PKINIT status on the IPA masters

To get command help, use:
  ipa <command> --help
```

```
### ON IPA Master with no replicas:

[root@vm1 ~]# ipa pkinit-status
----------------
1 server matched
----------------
  Server name: vm1.example.test
  PKINIT status: enabled
----------------------------
Number of entries returned 1
----------------------------
```

```
### ON IPA Master with replica installed with --no-pkinit

[root@vm1 ~]# ipa pkinit-status
-----------------
2 servers matched
-----------------
  Server name: vm1.example.test
  PKINIT status: enabled

  Server name: vm2.example.test
  PKINIT status: disabled
----------------------------
Number of entries returned 2
----------------------------
```

```
### Various other filter/search options:

[root@vm1 ~]# ipa pkinit-status --server vm1.example.test
----------------
1 server matched
----------------
  Server name: vm1.example.test
  PKINIT status: enabled
----------------------------
Number of entries returned 1
----------------------------

[root@vm1 ~]# ipa pkinit-status --server vm2.example.test
----------------
1 server matched
----------------
  Server name: vm2.example.test
  PKINIT status: disabled
----------------------------
Number of entries returned 1
----------------------------

[root@vm1 ~]# ipa pkinit-status --status='disabled'
----------------
1 server matched
----------------
  Server name: vm2.example.test
  PKINIT status: disabled
----------------------------
Number of entries returned 1
----------------------------

[root@vm1 ~]# ipa pkinit-status --status='enabled'
----------------
1 server matched
----------------
  Server name: vm1.example.test
  PKINIT status: enabled
----------------------------
Number of entries returned 1
----------------------------

[root@vm1 ~]# ipa pkinit-status --status='enabled' --raw
----------------
1 server matched
----------------
  server_server: vm1.example.test
  status: enabled
----------------------------
Number of entries returned 1
----------------------------
```

```
### ipa config-show:

[root@vm1 ~]# ipa config-show|grep -i pkinit
  IPA master capable of PKINIT: vm1.example.test
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304
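An added example, not part of the original bug report or of FreeIPA itself: a shell audit that parses `ipa pkinit-status` output in the format shown in the verification above (both the default and `--raw` field names) and lists masters where PKINIT is not enabled. The function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit PKINIT status across IPA masters by parsing the
# output of `ipa pkinit-status` (field names as shown in this bug report).

# Read `ipa pkinit-status` output on stdin; print "server status" pairs.
parse_pkinit_status() {
    awk -F': *' '
        { sub(/^[ \t]+/, "", $1); sub(/[ \t\r]+$/, "", $2) }
        $1 == "Server name" || $1 == "server_server" { server = $2 }
        $1 == "PKINIT status" || $1 == "status" {
            if (server != "") print server, $2
            server = ""
        }'
}

# Print masters whose PKINIT status is anything other than "enabled".
pkinit_not_enabled() {
    parse_pkinit_status | awk '$2 != "enabled" { print $1 }'
}

# Return 1 and list the affected masters if any master lacks PKINIT.
audit_pkinit() {
    missing=$(pkinit_not_enabled)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample input, modelled on the two-master output in this report.
sample_output() {
    cat <<'EOF'
-----------------
2 servers matched
-----------------
  Server name: vm1.example.test
  PKINIT status: enabled

  Server name: vm2.example.test
  PKINIT status: disabled
----------------------------
Number of entries returned 2
----------------------------
EOF
}

# Demo on the sample; on a real master use: ipa pkinit-status | audit_pkinit
sample_output | audit_pkinit || echo "PKINIT is not enabled on the masters listed above"
```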