Bug 2070411

Summary: [RHEL9] [RFE] Support Certificate Auto Enrollment in Samba
Product: Red Hat Enterprise Linux 9 Reporter: Sunny Wu <suwu>
Component: sambaAssignee: Andreas Schneider <asn>
Status: NEW --- QA Contact: Denis Karpelevich <dkarpele>
Severity: low Docs Contact:
Priority: unspecified    
Version: 9.0CC: aboscatt, asn, dchen, dkarpele, gdeschner
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Story
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sunny Wu 2022-03-31 06:28:09 UTC 
The next stable release of Samba (4.16) introduces a new feature, Certificate auto enrolment: https://wiki.samba.org/index.php/Certificate_Auto_Enrollment

To achieve this functionality, Samba leverages a number of third party components, most of which are not available as RPM packages.

The components for which RPMs are not available are:
* SSCEP - https://github.com/certnanny/sscep
* Oddjob-gpupdate - https://github.com/openSUSE/oddjob-gpupdate
* cepces - https://github.com/openSUSE/cepces

I would like to request that Red Hat create RPMs for these components  and include them when Samba 4.16 is released to the official RHEL repositories.
Comment 9 Ding-Yi Chen 2022-06-17 00:16:34 UTC 
I have file package review request:

Bug 2097925 - Review Request: cepces - Certificate Enrollment through CEP/CES

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2097925

Looking for reviewer.
Comment 10 Andreas Schneider 2022-06-24 12:36:30 UTC 
Thank you very muck. I've picked it up for review. However we probably want to fix cepces first to use GSSAPI https://github.com/openSUSE/cepces/pull/18