A username/password is provided to an IPA administrator to be used to make the initial connection to an entitlement server. This initial request results in a cert and key in PEM format. All subsequent communication to the entitlement server (get entitlements, return entitlements, query, etc.) will be done using this cert/key for authentication.
We need to share this key/cert with all other replicas. It is possible that one or more replicas could be created by the time this cert/key is created so storing the value in LDAP is the easiest way to share it.
We need a daemon that will:
We want to store the private key in LDAP but will encrypt it. There are a number of options available to us for the encryption key but I think I'll go with one of the following:
I'm using the Apache certificate database password to encrypt the userpkcs12 attribute.
master: 275998f
Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)