dogtag-pki 10.2.6+git20160317-1 source package in Ubuntu
Changelog
dogtag-pki (10.2.6+git20160317-1) unstable; urgency=medium * update to current 10_2_6_BRANCH. - refresh patches - add pki-user-membership.1 to pki-tools - tomcat7-build-fix.diff: Dropped, upstream. * rules: Mark systemd units disabled by default. * use-usr-bin.diff: Updated. * use-root-homedir.diff: Force home_dir to be /root, so that ipa works right. * control: Add conflicts on strongswan-pki. * pki-server: Remove default.cfg, logs on purge. (Closes: #814636) * pki-base: Remove pki.conf on purge. (Closes: #804312) -- Timo Aaltonen <email address hidden> Tue, 05 Apr 2016 19:37:03 +0300
Upload details
- Uploaded by:
- Debian FreeIPA Team
- Uploaded to:
- Sid
- Original maintainer:
- Debian FreeIPA Team
- Architectures:
- any all
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Xenial | release | universe | misc |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
dogtag-pki_10.2.6+git20160317-1.dsc | 3.3 KiB | 323edad08b785d3c35efb9eb2ffd1afcff03972266b504f618609f41ccb6ebe2 |
dogtag-pki_10.2.6+git20160317.orig.tar.xz | 3.5 MiB | becd5f02202c45989cbf0ef878b528bb92bd3cd48f01b20cb4f02ce05eae9381 |
dogtag-pki_10.2.6+git20160317-1.debian.tar.xz | 27.6 KiB | 910b46a050cdfa2e72909b5243654cb57da3c24d77c42806fc1c3bfb6ec3c2e2 |
Available diffs
- diff from 10.2.6-3 to 10.2.6+git20160317-1 (128.5 KiB)
No changes file available.
Binary packages built by this source
- dogtag-pki: Dogtag Public Key Infrastructure (PKI) Suite
The Dogtag Public Key Infrastructure (PKI) Suite is comprised of the following
five subsystems and a client (for use by a Token Management System):
.
* Certificate Authority (CA)
* Data Recovery Manager (DRM)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing System (TPS)
* Enterprise Security Client (ESC)
.
Additionally, it provides a console GUI application used for server and
user/group administration of CA, DRM, OCSP, and TKS, javadocs on portions
of the Dogtag API, as well as various command-line tools used to assist with
a PKI deployment.
- dogtag-pki-console-theme: No summary available for dogtag-pki-console-theme in ubuntu yakkety.
No description available for dogtag-
pki-console- theme in ubuntu yakkety.
- dogtag-pki-server-theme: Certificate System - PKI Server User Interface
This PKI Common Framework User Interface contains the Dogtag
textual and graphical user interface for the PKI Common Framework.
.
This package is used by the Dogtag Certificate System.
- libsymkey-java: Symmetric Key Java library
The Symmetric Key Java library supplies various symmetric key operations
to Java programs.
.
This package is a part of the PKI Core used by the Certificate System.
- libsymkey-jni: No summary available for libsymkey-jni in ubuntu yakkety.
No description available for libsymkey-jni in ubuntu yakkety.
- libsymkey-jni-dbgsym: debug symbols for package libsymkey-jni
The Symmetric Key Java Native Interface (JNI) package supplies various native
symmetric key operations to Java programs.
.
This package is a part of the PKI Core used by the Certificate System.
- pki-base: Certificate System - PKI Framework
The PKI Framework contains the common and client libraries and utilities.
.
This package is a part of the PKI Core used by the Certificate System.
- pki-ca: Certificate System - Certificate Authority
The Certificate Authority (CA) is a required PKI subsystem which issues,
renews, revokes, and publishes certificates as well as compiling and
publishing Certificate Revocation Lists (CRLs).
.
The Certificate Authority can be configured as a self-signing Certificate
Authority, where it is the root CA, or it can act as a subordinate CA,
where it obtains its own signing certificate from a public CA.
.
This package is a part of the PKI Core used by the Certificate System.
- pki-console: No summary available for pki-console in ubuntu yakkety.
No description available for pki-console in ubuntu yakkety.
- pki-javadoc: No summary available for pki-javadoc in ubuntu yakkety.
No description available for pki-javadoc in ubuntu yakkety.
- pki-kra: Certificate System - Data Recovery Manager
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
.
The Data Recovery Manager (DRM) is an optional PKI subsystem that can act
as a Key Recovery Authority (KRA). When configured in conjunction with the
Certificate Authority (CA), the DRM stores private encryption keys as part of
the certificate enrollment process. The key archival mechanism is triggered
when a user enrolls in the PKI and creates the certificate request. Using the
Certificate Request Message Format (CRMF) request format, a request is
generated for the user's private encryption key. This key is then stored in
the DRM which is configured to store keys in an encrypted format that can only
be decrypted by several agents requesting the key at one time, providing for
protection of the public encryption keys for the users in the PKI deployment.
.
Note that the DRM archives encryption keys; it does NOT archive signing keys,
since such archival would undermine non-repudiation properties of signing keys.
- pki-ocsp: Certificate System - Online Certificate Status Protocol Manager
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
.
The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
subsystem that can act as a stand-alone OCSP service. The OCSP Manager
performs the task of an online certificate validation authority by enabling
OCSP-compliant clients to do real-time verification of certificates. Note
that an online certificate-validation authority is often referred to as an
OCSP Responder.
.
Although the Certificate Authority (CA) is already configured with an
internal OCSP service. An external OCSP Responder is offered as a separate
subsystem in case the user wants the OCSP service provided outside of a
firewall while the CA resides inside of a firewall, or to take the load of
requests off of the CA.
.
The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
multiple CA servers, and clients can query the OCSP Manager for the
revocation status of certificates issued by all of these CA servers.
.
When an instance of OCSP Manager is set up with an instance of CA, and
publishing is set up to this OCSP Manager, CRLs are published to it
whenever they are issued or updated.
- pki-server: No summary available for pki-server in ubuntu yakkety.
No description available for pki-server in ubuntu yakkety.
- pki-tks: Certificate System - Token Key Service
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
.
The Token Key Service (TKS) is an optional PKI subsystem that manages the
master key(s) and the transport key(s) required to generate and distribute
keys for hardware tokens. TKS provides the security between tokens and an
instance of Token Processing System (TPS), where the security relies upon the
relationship between the master key and the token keys. A TPS communicates
with a TKS over SSL using client authentication.
.
TKS helps establish a secure channel (signed and encrypted) between the token
and the TPS, provides proof of presence of the security token during
enrollment, and supports key changeover when the master key changes on the
TKS. Tokens with older keys will get new token keys.
.
Because of the sensitivity of the data that TKS manages, TKS should be set up
behind the firewall with restricted access.
- pki-tools: Certificate System - PKI Tools
This package contains PKI executables that can be used to help make
Certificate System into a more complete and robust PKI solution.
.
This package is a part of the PKI Core used by the Certificate System.
- pki-tools-dbgsym: No summary available for pki-tools-dbgsym in ubuntu yakkety.
No description available for pki-tools-dbgsym in ubuntu yakkety.
- pki-tps: Certificate System - Token Processing System
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
.
The Token Processing System (TPS) is an optional PKI subsystem that acts
as a Registration Authority (RA) for authenticating and processing
enrollment requests, PIN reset requests, and formatting requests from
the Enterprise Security Client (ESC).
.
TPS is designed to communicate with tokens that conform to
Global Platform's Open Platform Specification.
.
TPS communicates over SSL with various PKI backend subsystems (including
the Certificate Authority (CA), the Data Recovery Manager (DRM), and the
Token Key Service (TKS)) to fulfill the user's requests.
.
TPS also interacts with the token database, an LDAP server that stores
information about individual tokens.
- pki-tps-client: Certificate System - Token Processing System client
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
.
The Token Processing System (TPS) is an optional PKI subsystem that acts
as a Registration Authority (RA) for authenticating and processing
enrollment requests, PIN reset requests, and formatting requests from
the Enterprise Security Client (ESC).
.
TPS is designed to communicate with tokens that conform to
Global Platform's Open Platform Specification.
.
TPS communicates over SSL with various PKI backend subsystems (including
the Certificate Authority (CA), the Data Recovery Manager (DRM), and the
Token Key Service (TKS)) to fulfill the user's requests.
.
TPS also interacts with the token database, an LDAP server that stores
information about individual tokens.
.
This client is a test tool that interacts with TPS. It is useful to test
TPS server configs without risking an actual smart card.
- pki-tps-client-dbgsym: No summary available for pki-tps-client-dbgsym in ubuntu yakkety.
No description available for pki-tps-
client- dbgsym in ubuntu yakkety.