bc0c606 Add CA ACL plugin

16 files Authored by ftweedal 6 years ago, Committed by jcholast 6 years ago,
    Add CA ACL plugin
    
    Implement the caacl commands, which are used to indicate which
    principals may be issued certificates from which (sub-)CAs, using
    which profiles.
    
    At this commit, and until sub-CAs are implemented, all rules refer
    to the top-level CA (represented as ".") and no ca-ref argument is
    exposed.
    
    Also, during install and upgrade add a default CA ACL that permits
    certificate issuance for all hosts and services using the profile
    'caIPAserviceCert' on the top-level CA.
    
    Part of: https://fedorahosted.org/freeipa/ticket/57
    Part of: https://fedorahosted.org/freeipa/ticket/4559
    
    Reviewed-By: Martin Basti <mbasti@redhat.com>
    
        
file modified
+10 -0
file modified
+184 -0
file modified
+2 -2
file modified
+1 -0
file modified
+20 -0
file modified
+1 -0
file modified
+1 -0