[Freeipa-devel] Fedora12: Looping detected inside krb5_get_in_tkt

To help ensure that my new UI patch wont break our daily builds, I've tried building it under Fedora 12 as it has python-assets and python-wehjit. It builds fine, but when I kinit, I get this error: [r...@fedora12 ~]# kinit ad...@example.com Password for ad...@example.com: kinit: Looping detecte

[Freeipa-devel] [PATCH] 295 client Makefile target

This adds a few new targets to the top-level Makefile, most notably client and client-rpms. Using this you can more easily build just the client pieces of IPA. rob freeipa-295-client.patch Description: application/mbox smime.p7s Description: S/MIME Cryptographic Signature __

Re: [Freeipa-devel] [PATCH] 286 cache installer questions

Rob Crittenden wrote: > Martin Nagy wrote: > > Hi Rob, > > > > On Wed, 2009-10-07 at 10:57 -0400, Rob Crittenden wrote: > >> Installing a CA that is signed by another CA is a 2-step process. The > >> first step is to generate a CSR for the CA and the second step is to > >> install the certificat

Re: [Freeipa-devel] [PATCH] 288 man page for ipa-join

Martin Nagy wrote: Rob Crittenden wrote: Martin Nagy wrote: On Thu, 2009-10-08 at 11:11 -0400, Rob Crittenden wrote: Add a man page for the new ipa-join command. rob +ipa\-join [ \fB\-h\fR hostname ] [ \fB\-k\fR keytab\-file ] [ \fB\-w\fR bulk bind password ] [ \fB\-d\fR ] [ \fB\-q\fR ] Can

Re: [Freeipa-devel] [PATCH] 288 man page for ipa-join

Rob Crittenden wrote: > Martin Nagy wrote: > > On Thu, 2009-10-08 at 11:11 -0400, Rob Crittenden wrote: > >> Add a man page for the new ipa-join command. > >> > >> rob > > > > +ipa\-join [ \fB\-h\fR hostname ] [ \fB\-k\fR keytab\-file ] [ \fB\-w\fR > > bulk bind password ] [ \fB\-d\fR ] [ \fB\-q\f

Re: [Freeipa-devel] Re: [PATCH] Fix bug in HBAC and netgroup plugin get_primary_key_from_dn methods.

On Mon, 2009-10-12 at 10:22 -0400, Rob Crittenden wrote: > Pavel Zuna wrote: > > Rob Crittenden wrote: > >> Pavel Zuna wrote: > >>> The method was returning tuples instead of strings in both plugins > >>> causing a mess in other plugins, when displaying netgroup/HBAC > >>> information. > >>> > >>

[Freeipa-devel] [PATCH] 294 sleep before doing a task

One of the last steps of an install is to run through any updates. This change adds a sleep() prior to calling tasks to ensure postop writes are done We were seeing a rare deadlock of DS when creating the memberOf task because one thread was adding memberOf in a postop while another was tryin

[Freeipa-devel] [PATCH] 293 use fqdn

Use getfqdn() instead of the gethostname(). self.ca_host could end up as the same value as self.host and if this isn't fully-qualified then SSL client requests won't work (we query the CA over SSL). rob freeipa-293-fqdn.patch Description: application/mbox smime.p7s Description: S/MIME Crypt

[Freeipa-devel] Re: [PATCH] Fix bug in HBAC and netgroup plugin get_primary_key_from_dn methods.

Pavel Zuna wrote: Rob Crittenden wrote: Pavel Zuna wrote: The method was returning tuples instead of strings in both plugins causing a mess in other plugins, when displaying netgroup/HBAC information. Pavel Assuming that the primary key doesn't exist, what meaning does returning '' have?

Re: [Freeipa-devel] [PATCH] 292 use proper objectclass for rolegroups

Pavel Zuna wrote: Rob Crittenden wrote: I was using groupofnames for rolegroups but trying to add memberof to it (bad). Use nestedgroup instead. rob ack. Pavel pushed to master smime.p7s Description: S/MIME Cryptographic Signature ___ Freeipa-d

Re: [Freeipa-devel] [PATCH] 291 use DS memberof plugin

Martin Nagy wrote: On Fri, 2009-10-09 at 17:29 -0400, Rob Crittenden wrote: Use the DS memberof plugin instead of the one contained in the IPA source. I'm not removing that source yet, simply not building or configuring it. rob Looks good to me. Ack. Martin pushed to master smime.p7s D

Re: [Freeipa-devel] [PATCH] 287 improve ipa-join

Martin Nagy wrote: On Wed, 2009-10-07 at 16:51 -0400, Rob Crittenden wrote: I ran ipa-join on some not properly-configured clients and found a bunch of corner cases that are fixed here. This improves debugging and standard output considerably. rob Ack. Martin pushed to master smime.p7s

Re: [Freeipa-devel] [PATCH] 289 fix host admin acis

Rob Crittenden wrote: It appears I missed a couple of ACI's when we changed the DN format of hosts. rob ack. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 292 use proper objectclass for rolegroups

Rob Crittenden wrote: I was using groupofnames for rolegroups but trying to add memberof to it (bad). Use nestedgroup instead. rob ack. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-de

Re: [Freeipa-devel] [PATCH] 288 man page for ipa-join

Martin Nagy wrote: On Thu, 2009-10-08 at 11:11 -0400, Rob Crittenden wrote: Add a man page for the new ipa-join command. rob +ipa\-join [ \fB\-h\fR hostname ] [ \fB\-k\fR keytab\-file ] [ \fB\-w\fR bulk bind password ] [ \fB\-d\fR ] [ \fB\-q\fR ] Can you use something like bulk-bind-password

Re: [Freeipa-devel] [PATCH] 286 cache installer questions

Martin Nagy wrote: Hi Rob, On Wed, 2009-10-07 at 10:57 -0400, Rob Crittenden wrote: Installing a CA that is signed by another CA is a 2-step process. The first step is to generate a CSR for the CA and the second step is to install the certificate issued by the external CA. To avoid asking que