#4336 [RFE] Extend Vault functionality to IPA instances signed by an external CA
Opened 11 years ago by vakwetu. Modified 8 years ago

Currently the patches being developed to include a DRM into IPA presuppose the installation of a Dogtag CA. That Dogtag CA is used to generate the required system certificates. In addition, a connector is automatically set up between the CA and KRA to allow the escrow of encryption keys for user certs.

There is, however, a DRM option that does not include a Dogtag CA. This standalone KRA would obtain its system certificates from an external CA and would be used only for vault-like functionality -- i.e., the storage and retrieval of secrets.

This ticket is an RFE for the code changes needed to allow a standalone DRM to be installed on a non-Dogtag CA IPA instance.


Metadata Update from @vakwetu:
- Issue assigned to someone
- Issue set to the milestone: Ticket Backlog

8 years ago
