bc0c606 Add CA ACL plugin

16 files Authored by ftweedal 10 years ago, Committed by jcholast 10 years ago,
    Add CA ACL plugin
    
    Implement the caacl commands, which are used to indicate which
    principals may be issued certificates from which (sub-)CAs, using
    which profiles.
    
    At this commit, and until sub-CAs are implemented, all rules refer
    to the top-level CA (represented as ".") and no ca-ref argument is
    exposed.
    
    Also, during install and upgrade add a default CA ACL that permits
    certificate issuance for all hosts and services using the profile
    'caIPAserviceCert' on the top-level CA.
    
    Part of: https://fedorahosted.org/freeipa/ticket/57
    Part of: https://fedorahosted.org/freeipa/ticket/4559
    
    Reviewed-By: Martin Basti <mbasti@redhat.com>
    
        
file modified
+10 -0
file modified
+184 -0
file modified
+2 -2
file modified
+1 -0
file modified
+20 -0
file modified
+1 -0
file modified
+1 -0