On 8.11.2011 03:24, Adam Young wrote:
I noticed that the PKI Directory server has a secure port set but the
IPA DS instance does not:
PKI
nsslapd-secureport: 7390
Why doesn't IPA set up ldaps on port 636?
I guess secure connections are set up using STARTTLS.
Honza
--
Jan Cholasta
On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
> I noticed that the PKI Directory server has a secure port set but the
> IPA DS instance does not:
>
> PKI
> nsslapd-secureport: 7390
>
> Why doesn't IPA set up ldaps on port 636?
I think you're confused. FreeIPA does indeed set up to lis
Stephen Gallagher wrote:
On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
I noticed that the PKI Directory server has a secure port set but the
IPA DS instance does not:
PKI
nsslapd-secureport: 7390
Why doesn't IPA set up ldaps on port 636?
I think you're confused. FreeIPA does indeed
How to test:
1) ipa-server-install -p secret123 -a secret123 --hostname
ipa.example.com
2) Continue in interactive wizard until IP address is requested (as
ipa.example.com cannot be resolved)
3) When it is entered and ipa-server-install gives this output:
# ipa-server-install -p kokos123 -a kokos
On 11/08/2011 08:43 AM, Rob Crittenden wrote:
Stephen Gallagher wrote:
On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
I noticed that the PKI Directory server has a secure port set but the
IPA DS instance does not:
PKI
nsslapd-secureport: 7390
Why doesn't IPA set up ldaps on port 636?
This patch fixes 2 coverity issues:
* ipa-client/config.c: CID 11090: Resource leak
* ipa-client/ipa-getkeytab.c: CID 11018: Unchecked return value
https://fedorahosted.org/freeipa/ticket/2035
>From 828dc2c448707fc48da97a2254d19db04e76fde2 Mon Sep 17 00:00:00 2001
From: Martin Kosek
Date: Tue,
Hello everyone,
there is a new effort in IPA and SSSD teams and that is SSH key integration in
both parts of SSSD-IPA infrastructure. We've put together some basic plans and
now we would like to know your opinion.
Note that this is just shortened version to make it easier to read. It doesn't
co
Hello everyone,
this is a follow-up on the email on OpenSSH integration - known_host. It
describes another scenario we want to address in the process of integrating
OpenSSH to SSSD-IPA infrastructure - user public keys and their central
management. As in the previous email, we would also like to
One issue I have been looking at recently is how to integrate PKI and
IPA at the auth level while keeping a clean separation.
We can extract the authentication from the servlet code, so it is
purely a matter of configuring the Tomcat instance Realm.
I wrote up a Proof of concept for just d
https://fedorahosted.org/freeipa/ticket/1961
The 'Keytab' field in output of all 'user-*' commands was changed to
'Kerberos keys available'. In order to do this change for 'user-*'
commands only, the flag 'has_keytab' had to be removed from common
output parameters in ipalib/baseldap.py. This c
These functions are leftovers from when the managed entries plugin was
being developed and not widely available. They are no longer needed.
rob
>From 3159ac686fa09b747d3908b8497254bce1b8f337 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 8 Nov 2011 11:33:46 -0500
Subject: [PATCH] Remo
Hi,
This is a great feature. It feels like I'm always re-installing VMs
and having to remove old SSH keys and re-accept new ones.
One feature I'd like is to have this working cross-realm. We have 2
IPA realms here and it would be great if I could configure SSSD to
check the local realm if I'm SSH
Don't allow one to set a blank list of default objectclasses in
cn=ipaconfig.
rob
>From 0d486f34eaf68384151a809da5d5d5749095f7d7 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 8 Nov 2011 17:04:26 -0500
Subject: [PATCH] Don't allow default objectclass list to be empty.
https://fedorah
On 11/08/2011 02:56 PM, Dan Scott wrote:
> Hi,
>
> This is a great feature. It feels like I'm always re-installing VMs
> and having to remove old SSH keys and re-accept new ones.
>
> One feature I'd like is to have this working cross-realm. We have 2
> IPA realms here and it would be great if I cou
There are times we need to hunt through the certmonger request files
trying (such as trying to stop tracking a cert). One criterion is the
cert database and they need to match exactly. We weren't normalizing
this so something as simple as a trailing slash would cause a match to fail.
Normalize
On Tue, 2011-11-08 at 17:57 -0500, Dmitri Pal wrote:
> On 11/08/2011 02:56 PM, Dan Scott wrote:
> > Hi,
> >
> > This is a great feature. It feels like I'm always re-installing VMs
> > and having to remove old SSH keys and re-accept new ones.
> >
> > One feature I'd like is to have this working cros
On 11/08/2011 06:35 PM, Simo Sorce wrote:
> On Tue, 2011-11-08 at 17:57 -0500, Dmitri Pal wrote:
>> On 11/08/2011 02:56 PM, Dan Scott wrote:
>>> Hi,
>>>
>>> This is a great feature. It feels like I'm always re-installing VMs
>>> and having to remove old SSH keys and re-accept new ones.
>>>
>>> One
On Tue, 08 Nov 2011, Rob Crittenden wrote:
> Don't allow one to set a blank list of default objectclasses in
> cn=ipaconfig.
>
ACK
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/
On Wed, 2011-11-09 at 09:23 +0200, Alexander Bokovoy wrote:
> On Tue, 08 Nov 2011, Rob Crittenden wrote:
>
> > Don't allow one to set a blank list of default objectclasses in
> > cn=ipaconfig.
> >
> ACK
>
Pushed to master, ipa-2-1.
Martin