[Freeipa-devel] [freeipa PR#6038][opened] PoC: support new KDB version for Bronze Bit changes

URL: https://github.com/freeipa/freeipa/pull/6038 Author: frozencemetery Title: #6038: PoC: support new KDB version for Bronze Bit changes Action: opened PR body: """ (#5788 again as requested) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git

[Freeipa-devel] [freeipa PR#5788][opened] WIP: Bronze Bit KDB fixes

URL: https://github.com/freeipa/freeipa/pull/5788 Author: frozencemetery Title: #5788: WIP: Bronze Bit KDB fixes Action: opened PR body: """ A WIP PR for this branch as requested. It is expected to not pass CI, which is for two reasons. First, it needs the [krb5

[Freeipa-devel] [freeipa PR#5452][closed] Change NameType of custodia client's service

URL: https://github.com/freeipa/freeipa/pull/5452 Author: frozencemetery Title: #5452: Change NameType of custodia client's service Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5452/head:pr5452 git checkout

[Freeipa-devel] [freeipa PR#5452][opened] Change NameType of custodia client's service

URL: https://github.com/freeipa/freeipa/pull/5452 Author: frozencemetery Title: #5452: Change NameType of custodia client's service Action: opened PR body: """ Using hostbased_service for initiators hits an unresolved corner case in Kerberos with respect to realm selection and

[Freeipa-devel] [freeipa PR#5409][opened] Set client keytab location for 389ds

URL: https://github.com/freeipa/freeipa/pull/5409 Author: frozencemetery Title: #5409: Set client keytab location for 389ds Action: opened PR body: """ Handles behavior change in https://github.com/389ds/389-ds-base/pull/4523 (It may be preferable to wait until the 389ds PR is closed, but I

[Freeipa-devel] [freeipa PR#5281][opened] Fix scope on pytest fixture in krbtpolicy tests

URL: https://github.com/freeipa/freeipa/pull/5281 Author: frozencemetery Title: #5281: Fix scope on pytest fixture in krbtpolicy tests Action: opened PR body: """ 0d67180f7d2d0c6b5856db7061c44521f6a13c23 introduced the with_admin fixture using class scope, which caused test failures as pytest

[Freeipa-devel] [freeipa PR#5245][opened] ipa-kdb: implement AS-REQ lifetime jitter

URL: https://github.com/freeipa/freeipa/pull/5245 Author: frozencemetery Title: #5245: ipa-kdb: implement AS-REQ lifetime jitter Action: opened PR body: """ Jitter is always enabled, so there is no additional configuration. Update design docs to fix rationale and include information about

[Freeipa-devel] [freeipa PR#4126][opened] Support KDB DAL version 8.0

URL: https://github.com/freeipa/freeipa/pull/4126 Author: frozencemetery Title: #4126: Support KDB DAL version 8.0 Action: opened PR body: """ A krb5 build containing the 1.18 beta - which has this KDB version - can be found here for testing:

[Freeipa-devel] [freeipa PR#3842][opened] [KDB] various code hygiene fixes

URL: https://github.com/freeipa/freeipa/pull/3842 Author: frozencemetery Title: #3842: [KDB] various code hygiene fixes Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3842/head:pr3842 git

[Freeipa-devel] [freeipa PR#3835][opened] Provide modern example enctypes in ipa-getkeytab(1)

URL: https://github.com/freeipa/freeipa/pull/3835 Author: frozencemetery Title: #3835: Provide modern example enctypes in ipa-getkeytab(1) Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#3702][opened] [KDB] Fix segfault in ipadb_parse_ldap_entry()

URL: https://github.com/freeipa/freeipa/pull/3702 Author: frozencemetery Title: #3702: [KDB] Fix segfault in ipadb_parse_ldap_entry() Action: opened PR body: """ lcontext may be NULL here, probably due to a restarted 389ds. Based on a patch by Rob Crittenden. Signed-off-by: Robbie Harwood

[Freeipa-devel] [freeipa PR#3622][opened] Fix two error paths aroundd ipadb_get_global_config()

URL: https://github.com/freeipa/freeipa/pull/3622 Author: frozencemetery Title: #3622: Fix two error paths aroundd ipadb_get_global_config() Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#2147][closed] Add a skeleton kdcpolicy plugin

URL: https://github.com/freeipa/freeipa/pull/2147 Author: frozencemetery Title: #2147: Add a skeleton kdcpolicy plugin Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2147/head:pr2147 git checkout pr2147

[Freeipa-devel] [freeipa PR#3025][opened] Fix unnecessary usrmerge assumptions

URL: https://github.com/freeipa/freeipa/pull/3025 Author: frozencemetery Title: #3025: Fix unnecessary usrmerge assumptions Action: opened PR body: """ On non-usrmerge systems (e.g., Debian), bash, mv, cp, cat, tail, keyctl, and gzip live in /bin, not /usr/bin. On usrmerge systems, /bin is a

[Freeipa-devel] [freeipa PR#3009][closed] Drop upper bound on krb5 version in freeipa.spec

URL: https://github.com/freeipa/freeipa/pull/3009 Author: frozencemetery Title: #3009: Drop upper bound on krb5 version in freeipa.spec Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3009/head:pr3009 git

[Freeipa-devel] [freeipa PR#3009][opened] Drop upper bound on krb5 version in freeipa.spec

URL: https://github.com/freeipa/freeipa/pull/3009 Author: frozencemetery Title: #3009: Drop upper bound on krb5 version in freeipa.spec Action: opened PR body: """ This check is no longer needed now that krb5 exports the KDB version. Signed-off-by: Robbie Harwood """ To pull the PR as Git

[Freeipa-devel] [freeipa PR#2283][opened] Clear next field when returnining list elements in queue.c

URL: https://github.com/freeipa/freeipa/pull/2283 Author: frozencemetery Title: #2283: Clear next field when returnining list elements in queue.c Action: opened PR body: """ The ipa-otpd code occasionally removes elements from one queue, inspects and modifies them, and then inserts them into

[Freeipa-devel] [freeipa PR#2147][opened] Add a skeleton kdcpolicy plugin

URL: https://github.com/freeipa/freeipa/pull/2147 Author: frozencemetery Title: #2147: Add a skeleton kdcpolicy plugin Action: opened PR body: """ Signed-off-by: Robbie Harwood Back in krb5-1.16 (and in RHEL-7.5), I added the [kdcpolicy

[Freeipa-devel] [freeipa PR#1980][opened] Fix elements not being removed in otpd_queue_pop_msgid()

URL: https://github.com/freeipa/freeipa/pull/1980 Author: frozencemetery Title: #1980: Fix elements not being removed in otpd_queue_pop_msgid() Action: opened PR body: """ If the element being removed were not the queue head, otpd_queue_pop_msgid() would not actually remove the element,

[Freeipa-devel] [freeipa PR#1898][opened] Move krb5 snippet into freeipa-client-common

URL: https://github.com/freeipa/freeipa/pull/1898 Author: frozencemetery Title: #1898: Move krb5 snippet into freeipa-client-common Action: opened PR body: """ Also move /usr/share/ipa into freeipa-common by necessity. https://pagure.io/freeipa/issue/7524 I've also opened

[Freeipa-devel] [freeipa PR#1747][opened] Enable SPAKE support where avilable

URL: https://github.com/freeipa/freeipa/pull/1747 Author: frozencemetery Title: #1747: Enable SPAKE support where avilable Action: opened PR body: """ Because krb5 silently ignores unrecognized options, this is safe on all versions. It lands upstream in krb5-1.17; in Fedora, it was added in

[Freeipa-devel] [freeipa PR#1671][opened] Log errors from NSS during FIPS OTP key import

URL: https://github.com/freeipa/freeipa/pull/1671 Author: frozencemetery Title: #1671: Log errors from NSS during FIPS OTP key import Action: opened PR body: """ This is the requested logging from #1621 """ To pull the PR as Git branch: git remote add ghfreeipa