John Dennis wrote:
Attached is a revised patch, it addresses the following concerns raised
during review:

* The version in ipa.conf has been bumped.

* Rob reported duplicate session cookies being returned. As far as I can
tell this was due to a Python bug where it reused the value of a default
keyword parameter from a previous invocation rather than re-initializing
it. Workaround is to change the default value from [] to None and
create an empty list if the arg is None.

* Rob reported two test failures, one for ERRNO (e.g. **1234**) not
being present in the docstring for an error I added and the other was
for a change in the wsgi dispatch route() method that showed up in
test_rpcserver.py

The Requires on krb5-workstation is not required. The server requires the client which requires it.

I think you need a more unique way of generating the ccache name when doing the kinit (I'd use tempfile.mkstemp).

There is an incorrect comment in internal_error()

You want to return 401 Unauthorized and not 403 Forbidden on password failures.

We shouldn't support the GET method as the password will appear in the logs:

192.168.0.1 - - [27/Feb/2012:13:46:31 -0500] "GET /ipa/session/login_password?user=admin&password=password HTTP/1.1" 200 -

rog
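
The access-log exposure pointed out in the reply above, as an added example that is not part of the original thread or of FreeIPA's code: a Python check that finds credentials in logged request lines and redacts them. The set of sensitive parameter names and the second sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names treated as secrets (an assumption; extend per application).
SENSITIVE = {"password", "passwd", "pw", "token"}

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

SAMPLE_LOG = [
    # The line quoted in the thread.
    '192.168.0.1 - - [27/Feb/2012:13:46:31 -0500] "GET /ipa/session/'
    'login_password?user=admin&password=password HTTP/1.1" 200 -',
    # Constructed: same endpoint via POST, so nothing secret is in the URL.
    '192.168.0.1 - - [27/Feb/2012:13:47:02 -0500] "POST /ipa/session/'
    'login_password HTTP/1.1" 200 -',
]

def redact_line(line):
    """Return (redacted_line, leaked_param_names) for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    parts = urlsplit(m.group("target"))
    leaked, pairs = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            leaked.append(key)
            value = "REDACTED"
        pairs.append((key, value))
    if not leaked:
        return line, []
    target = parts._replace(query=urlencode(pairs)).geturl()
    return line[:m.start("target")] + target + line[m.end("target"):], leaked

def audit(lines):
    """Yield (line_number, leaked_names, redacted_line) for exposed entries."""
    for number, line in enumerate(lines, 1):
        redacted, leaked = redact_line(line)
        if leaked:
            yield number, leaked, redacted

if __name__ == "__main__":
    for number, leaked, redacted in audit(SAMPLE_LOG):
        print(f"line {number}: leaked {leaked}\n  {redacted}")
```

Redaction only cleans up logs that already exist; any password that reached a log this way should be treated as exposed and changed.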
