orion / freeipa

Forked from freeipa 5 years ago
Clone
Source Code
GIT

5f8d111 Make sure remote hosts have our keys

2 files Authored by simo 7 years ago, Committed by tkrizek 7 years ago,
raw patch tree parent
2 files changed. 39 lines added. 1 lines removed.
ipaserver/install/custodiainstance.py
file modified
+27 -1
ipaserver/secrets/kem.py
file modified
+12 -0 
    Make sure remote hosts have our keys
    
    In complex replication setups a replica may try to obtain CA keys from a
    host that is not the master we initially create the keys against.
    In this case race conditions may happen due to replication. So we need
    to make sure the server we are contacting to get the CA keys has our
    keys in LDAP. We do this by waiting to positively fetch our encryption
    public key (the last one we create) from the target host LDAP server.
    
    Fixes: https://pagure.io/freeipa/issue/6838
    
    Signed-off-by: Simo Sorce <simo@redhat.com>
    Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
file modified
+27 -1
file modified
+12 -0
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.