3ecea78
Configure PKI AJP Secret with 256-bit secret By default, PKI's AJP secret is generated as a 75-bit password. By generating it in IPA, we can guarantee the strength of the AJP secret. It makes sense to use a stronger AJP secret because it typically isn't rotated; access to AJP allows an attacker to impersonate an admin while talking to PKI. Fixes: https://pagure.io/freeipa/issue/8372 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1849146 Related: https://bugzilla.redhat.com/show_bug.cgi?id=1845447 Related: https://github.com/dogtagpki/pki/pull/437 Signed-off-by: Alexander Scheel <ascheel@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>