#4140 Configure the NSS shared database model in IPA servers
Closed: fixed 3 years ago Opened 7 years ago by rcritten.

NSS supports using sqlite for its security databases. The three servers that IPA currently talks to still use the DB format: mod_nss, dogtag and 389-ds.

As those products switch to supporting the sqlite database, so should IPA. In some cases it is more that the server has tested and supports the sqlite format (389-ds and mod_nss), and in others it manages the database itself so requires full support (dogtag).

Related tickets/bugs:

- dogtag
- 389-ds
- mod_nss


Related ticket - #4449. We may also consider stopping storing the CA certificate in /etc/pki/nssdb at all and just store and verify it in the system-wide store (#3504). This would remove obstacles in FIPS deployments which do not like password-less/world readable NSS databases.

FreeIPA 4.2 was already shaped (see the FreeIPA 4.2 milestone); this does not fit. Pushing out.

If anyone is willing to help and contribute to this one, please let us know!

Metadata Update from @rcritten:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

4 years ago

FreeIPA 4.7 uses and requires the shared NSS database (aka sqlite).

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue set to the milestone: FreeIPA 4.7 (was: Future Releases)

3 years ago
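
For auditing which format an NSS database directory is in, and whether it is world-readable as the FIPS comment above describes, here is an added example; it is not part of the ticket or of FreeIPA's code. The function names are hypothetical; the file names are the standard NSS ones (cert8.db/key3.db/secmod.db for legacy DBM, cert9.db/key4.db/pkcs11.txt for the shared SQLite model).

```shell
#!/bin/sh
# Added example: classify NSS database directories and flag loose permissions.
# Usage: sh nss_audit.sh /etc/pki/nssdb [more directories...]

# nss_db_format DIR -> prints one of: sql, dbm, mixed, none
nss_db_format() {
    dir=$1
    has_sql=0
    has_dbm=0
    # Shared (SQLite) model: cert9.db + key4.db
    [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ] && has_sql=1
    # Legacy DBM model: cert8.db + key3.db
    [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ] && has_dbm=1
    case "$has_sql$has_dbm" in
        11) echo mixed ;;   # both sets present, e.g. legacy files left after migration
        10) echo sql ;;
        01) echo dbm ;;
        *)  echo none ;;
    esac
}

# nss_world_readable DIR -> prints each database file readable by "other"
nss_world_readable() {
    dir=$1
    for f in cert8.db key3.db secmod.db cert9.db key4.db pkcs11.txt; do
        [ -f "$dir/$f" ] || continue
        # -perm -004 matches when the other-read mode bit is set
        if [ -n "$(find "$dir/$f" -perm -004 2>/dev/null)" ]; then
            echo "$f"
        fi
    done
}

# Report on every directory given on the command line (none: do nothing).
for d in "$@"; do
    printf '%s: format=%s world-readable=[%s]\n' "$d" \
        "$(nss_db_format "$d")" \
        "$(nss_world_readable "$d" | tr '\n' ' ')"
done
```

A result of `mixed` means both file sets exist in the directory, so the legacy files still need to be checked before they are removed.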
