Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The Domain Controller role should support setting up the Vault #54

Open
simo5 opened this issue Oct 22, 2015 · 1 comment
Open

The Domain Controller role should support setting up the Vault #54

simo5 opened this issue Oct 22, 2015 · 1 comment
Assignees
@nphilipp
Labels
enhancement Nice-to-have
Milestone
Fedora 24 Alpha

Comments

@simo5
Copy link

simo5 commented Oct 22, 2015

In the latest version FreeIPA has a new "Vault" feature based on dogtag's KRA component.
This feature is used to provide a secure storage option for domain users for things like passwords/keys etc... It may also provide escrow access for admins.

The feature is installed providing the --setup-kra option to the main installer or by invoking ipa-kra-install
@sgallagher sgallagher added this to the Fedora 24 Alpha milestone Nov 10, 2015
@sgallagher
Copy link
Contributor

From the rolekit meeting today, we will need to support gracefully failing back if the underlying freeipa-server-install doesn't support --setup-kra.

If the arguments explicitly request the KRA, we will use --setup-kra and fail if it is unsupported. If the argument is left to the defaults, we will attempt to pass --setup-kra and then retry without it if we get an error back. This is consistent with our behavior on other optional components (installing them by default).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nphilipp nphilipp

Labels
enhancement Nice-to-have
Projects
None yet
Milestone
Fedora 24 Alpha
Development

No branches or pull requests
3 participants
@sgallagher @nphilipp @simo5