[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support pbrezina commented: """ Pushed PR: https://github.com/SSSD/sssd/pull/5283 * `master` * 0b069085cc6cb472b6c8841a26107ee1d48222ee - Add dyndns_auth_ptr support """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-700667271 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support joakim-tjernlund commented: """ > Do I understand it correctly that this patch fixes #5274? If yes, can you > please add: > > ``` > Resolves: https://github.com/SSSD/sssd/issues/5274 > ``` > > to the commit message? Done """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-70062 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support pbrezina commented: """ Do I understand it correctly that this patch fixes https://github.com/SSSD/sssd/issues/5274? If yes, can you please add: ``` Resolves: https://github.com/SSSD/sssd/issues/5274? ``` to the commit message? """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-700613044 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support sumit-bose commented: """ Hi, after some reading I tested this patch with the bind update policy `grant * tcp-self * PTR;` for the reverse zone. This allows a client with a matching IP address to update its own record without any special TSIG key. But so far I was not able to reject all other types of updates so in my test environment gss-tsig for the reverse zone worked as well, but by checking the logs on the client and server side I could see that gss-tsig was only used to update the entry for the forward zone while no keys where used to update the reverse zone. Al least in my test setup I had to add dyndns_force_tcp = True dyndns_server = ipaserver75.rhel75.devel besides `dyndns_auth_ptr = none` because the version of `nsupdate` I used was not able to automatically switch to TCP (required by bind to allow the update) and also didn't pick the right DNS server for the update of the reverse zone. Nevertheless, all tests were working as expected, so ACK. Thanks for your patience. bye, Sumit """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-699824497 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support joakim-tjernlund commented: """ > Hi, > > I'm fine with the patch but I still would like to understand how to test this > behavior. Which settings do you need for your environment > > ``` > dyndns_auth = none > dyndns_auth_ptr = GSS-TSIG > ``` Yes, that way. Still too much legacy EQ not speaking GSS-TSIG so only GSS-TSIG on RDNS """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-693211402 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support sumit-bose commented: """ Hi, I'm fine with the patch but I still would like to understand how to test this behavior. Which settings do you need for your environment dyndns_auth = none dyndns_auth_ptr = GSS-TSIG or the other way round? bye, Sumit """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-693202438 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support joakim-tjernlund commented: """ @sumit-bose , mind setting this PR in Reviewed status? """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-692733807 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support joakim-tjernlund commented: """ I would really appreciate if this could be merged to master, then I can install sssd on a few more computers that uses master """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-688194108 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support alexey-tikhonov commented: """ > > Is there any reason to have two patches instead squashing into single? > > Just wanted to show what I changed, I can squash into one commit, NP Thank you. """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-685366334 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support joakim-tjernlund commented: """ > Hi, > > thank you for the patch. Except a minor issue I'm fine with the patch. Thanks > > I wonder if you can give an example configuration how to configure a DNS > server for asymmetrical authentication so that the patch can be tested > properly. I cannot, don't have access to these servers. Sorry """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-685071593 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support joakim-tjernlund commented: """ > Is there any reason to have two patches instead squashing into single? Just wanted to show what I changed, I can squash into one commit, NP """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-685070637 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support alexey-tikhonov commented: """ Is there any reason to have two patches instead squashing into single? """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-685037385 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support sumit-bose commented: """ Hi, thank you for the patch. Except a minor issue I'm fine with the patch. I wonder if you can give an example configuration how to configure a DNS server for asymmetrical authentication so that the patch can be tested properly. bye, Sumit """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-684703946 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support joakim-tjernlund commented: """ @sumit-bose , could you have a look at this PR? """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-681910420 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5283][comment] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support joakim-tjernlund commented: """ See issue https://github.com/SSSD/sssd/issues/5274 """ See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-675923680 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org