Bug 2143224
Summary: | [RFE] add certificate support to ipa-client instead of one time password | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Alexander Bokovoy <abokovoy> |
Component: | ipa | Assignee: | Florence Blanc-Renaud <frenaud> |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
Severity: | medium | Docs Contact: | Alexandra Nikandrova <anikandr> |
Priority: | unspecified | ||
Version: | 9.1 | CC: | abokovoy, afarley, amaumene, cheimes, elpereir, frenaud, ipa-qe, lmcgarry, myusuf, pasik, rcritten, sumenon, tscherf |
Target Milestone: | rc | Keywords: | FutureFeature, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.10.1-1.el9 | Doc Type: | Enhancement |
Doc Text: |
.`ipa-client-install` now supports authentication with PKINIT
Previously, `ipa-client-install` supported only password-based authentication. With this update, `ipa-client-install` also supports authentication with PKINIT.
For example:
----
ipa-client-install --pkinit-identity=FILE:/path/to/cert.pem,/path/to/key.pem --pkinit-anchor=FILE:/path/to/cacerts.pem
----
To use PKINIT authentication, you must establish trust between IdM and the CA chain of the PKINIT certificate. For more information, see the `ipa-cacert-manage(1)` man page. In addition, the certificate identity mapping rules must map the PKINIT certificate of the host to a principal that has permission to add or modify a host record. For more information, see the `ipa certmaprule-add` man page.
|
Story Points: | --- |
Clone Of: | 2075452 | Environment: | |
Last Closed: | 2023-05-09 07:32:52 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2075452 | ||
Bug Blocks: |
Description
Alexander Bokovoy
2022-11-16 12:00:17 UTC
Fixed upstream
master:
https://pagure.io/freeipa/c/dbebed2e3a8d3d27e7344bec0d829364891bb00b

=== Tickets fixed ===
https://pagure.io/freeipa/issue/9269
https://pagure.io/freeipa/issue/9271

Fixed upstream
ipa-4-10:
https://pagure.io/freeipa/c/9d902d340793d01aa6b65d01a1facaf480819526
ipa-4-9:
https://pagure.io/freeipa/c/80da53eaada1b5ad61b8cff2f9ed1217fea600c9

Upstream ticket:
https://pagure.io/freeipa/issue/9269

Upstream ticket:
https://pagure.io/freeipa/issue/9271

version:
ipa-client-4.10.1-1.el9.x86_64
ipa-server-4.10.1-1.el9.x86_64

============================= test session starts ==============================
platform linux -- Python 3.9.16, pytest-6.2.2, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3
cachedir: /home/cloud-user/.pytest_cache
metadata: {'Python': '3.9.16', 'Platform': 'Linux-5.14.0-218.el9.x86_64-x86_64-with-glibc2.34', 'Packages': {'pytest': '6.2.2', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.7.0', 'multihost': '3.0', 'html': '3.1.1', 'sourceorder': '0.6.0'}}
rootdir: /usr/lib/python3.9/site-packages/ipatests
plugins: metadata-1.7.0, multihost-3.0, html-3.1.1, sourceorder-0.6.0
collecting ... collected 1 item

test_integration/test_pkinit_install.py::TestPkinitClientInstall::test_client_install_pkinit PASSED [100%]

=============================== warnings summary ===============================
../pytest_sourceorder.py:31
  /usr/lib/python3.9/site-packages/pytest_sourceorder.py:31: PytestUnknownMarkWarning: Unknown pytest.mark.source_order - is this a typo?  You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/mark.html
    cls = pytest.mark.source_order(cls)

-- Docs: https://docs.pytest.org/en/stable/warnings.html
---------------- generated xml file: /home/cloud-user/junit.xml ----------------
----------- generated html file: file:///home/cloud-user/report.html -----------
=================== 1 passed, 1 warning in 688.41s (0:11:28) ===================

Automation passed, hence marking the bug verified.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (ipa bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2205
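
A pre-flight check for the files named in the Doc Text's `--pkinit-identity` and `--pkinit-anchor` options, as an added example that is not part of this bug report or of FreeIPA. The function name `pkinit_preflight`, its return codes and the 24-hour expiry margin are assumptions made here; it needs `openssl` (1.1.0 or later) and GNU `stat`, and assumes an unencrypted key file.

```shell
#!/bin/sh
# Added example (not FreeIPA code): check the PEM files before running
#   ipa-client-install --pkinit-identity=FILE:CERT,KEY --pkinit-anchor=FILE:ANCHOR
# pkinit_preflight and its return codes are hypothetical names chosen here.

# Usage: pkinit_preflight CERT KEY ANCHOR
# Returns 0 when every check passes, otherwise a code identifying the check.
pkinit_preflight() {
    cert=$1; key=$2; anchor=$3

    for f in "$cert" "$key" "$anchor"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    done

    # 1. The private key must not be accessible to group or others.
    mode=$(stat -c %a "$key") || return 2
    case $mode in
        *00) ;;
        *) echo "key mode $mode is too permissive" >&2; return 3 ;;
    esac

    # 2. Certificate and key must form a pair: compare their public keys.
    #    "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass:) || return 4
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and key do not match" >&2; return 4; }

    # 3. The certificate must chain to the anchor bundle. -no-CApath keeps
    #    the system trust directory out of the decision.
    openssl verify -no-CApath -CAfile "$anchor" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against the anchor" >&2; return 5; }

    # 4. The certificate must stay valid for at least another 24 hours.
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null ||
        { echo "certificate expires within 24 hours" >&2; return 6; }

    return 0
}

# Stand-alone use: sh preflight.sh CERT KEY ANCHOR
if [ "$#" -eq 3 ]; then
    pkinit_preflight "$@"
fi
```

These checks cover only the local files. Whether IdM trusts the issuing CA and whether a certificate mapping rule maps the certificate to a suitably privileged principal is decided on the server.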