Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread Simo Sorce
On Fri, 2014-05-23 at 22:57 -0400, James wrote: > On Fri, 2014-05-23 at 22:50 -0400, Simo Sorce wrote: > > No, but those need to be accessible to the user, I think you can > > create > > a meta-package that contains those passwords when you create the first > > master, encrypted in a gpg file with p

Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread James
On Fri, 2014-05-23 at 22:50 -0400, Simo Sorce wrote: > No, but those need to be accessible to the user, I think you can > create > a meta-package that contains those passwords when you create the first > master, encrypted in a gpg file with private keys only stored in the > freeipa servers. I do som

Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread Simo Sorce
On Fri, 2014-05-23 at 21:26 -0400, James wrote: > On Fri, May 23, 2014 at 7:49 PM, Simo Sorce wrote: > > On Fri, 2014-05-23 at 17:16 -0400, James wrote: > >> On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote: > >> > One cannot easily improve ipa-replica-prepare to work through LDAPI as > >> >

Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread James
On Fri, May 23, 2014 at 7:49 PM, Simo Sorce wrote: > On Fri, 2014-05-23 at 17:16 -0400, James wrote: >> On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote: >> > One cannot easily improve ipa-replica-prepare to work through LDAPI as >> > we also >> > need to encipher the replica info package - a

Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread Simo Sorce
On Fri, 2014-05-23 at 17:16 -0400, James wrote: > On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote: > > One cannot easily improve ipa-replica-prepare to work through LDAPI as > > we also > > need to encipher the replica info package - and we cannot do that > > without clear > > text DM passwor

Re: [Freeipa-devel] OTP Sync Client Design

2014-05-23 Thread Nathaniel McCallum
On Wed, 2014-05-14 at 14:08 -0400, Nathaniel McCallum wrote: > Occasionally OTP tokens get out of sync with the server. When this > happens, the user or an admin needs to synchronize the token. To this > end, we landed server-side synchronization support, which is a simple > bind with a custom contr

Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread James
On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote: > One cannot easily improve ipa-replica-prepare to work through LDAPI as > we also > need to encipher the replica info package - and we cannot do that > without clear > text DM password. > > The right way seems to be rather the RFE you filed:

Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread James
On Fri, 2014-05-23 at 09:28 -0400, Dmitri Pal wrote: > I guess the question is more: > If I am root is there any way to do the operation without providing > the > password but rather using something like LDAPI to drive the operation. > The issue is that if you use puppet there is no way to get the

Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread James
On Fri, 2014-05-23 at 12:42 +0200, Martin Kosek wrote: > On 05/23/2014 07:01 AM, James wrote: > > I'm trying to understand some of the FreeIPA replication internals so > > that I can better know how to do this properly in Puppet without > > storing any secret information in Puppet, and so that auto

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-23 Thread Simo Sorce
On Fri, 2014-05-23 at 17:47 +0200, thierry bordaz wrote: > About membership. I think it could be risky to keep membership in > 'delete' or 'stage'. Those entries are not valid user and should not > belong to any active group. Should we keep membership attributes in > those state or let the plugi

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-23 Thread thierry bordaz
On 05/23/2014 10:13 AM, Petr Viktorin wrote: On 05/23/2014 08:33 AM, Martin Kosek wrote: On 05/23/2014 07:48 AM, Jan Cholasta wrote: On 22.5.2014 19:27, Simo Sorce wrote: On Thu, 2014-05-22 at 15:35 +0200, Martin Kosek wrote: On 05/21/2014 10:11 PM, Dmitri Pal wrote: On 05/21/2014 03:06 PM,

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-23 Thread Simo Sorce
On Fri, 2014-05-23 at 17:18 +0200, thierry bordaz wrote: > On 05/23/2014 05:03 PM, Simo Sorce wrote: > > On Fri, 2014-05-23 at 10:07 +0200, thierry bordaz wrote: > >> On 05/22/2014 07:21 PM, Simo Sorce wrote: > >>> On Thu, 2014-05-22 at 17:52 +0200, thierry bordaz wrote: > On 05/22/2014 04:38

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-23 Thread thierry bordaz
On 05/23/2014 05:03 PM, Simo Sorce wrote: On Fri, 2014-05-23 at 10:07 +0200, thierry bordaz wrote: On 05/22/2014 07:21 PM, Simo Sorce wrote: On Thu, 2014-05-22 at 17:52 +0200, thierry bordaz wrote: On 05/22/2014 04:38 PM, Martin Kosek wrote: On 05/22/2014 10:47 AM, Petr Viktorin wrote: On 05

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-23 Thread Simo Sorce
On Fri, 2014-05-23 at 10:07 +0200, thierry bordaz wrote: > On 05/22/2014 07:21 PM, Simo Sorce wrote: > > On Thu, 2014-05-22 at 17:52 +0200, thierry bordaz wrote: > >> On 05/22/2014 04:38 PM, Martin Kosek wrote: > >>> On 05/22/2014 10:47 AM, Petr Viktorin wrote: > On 05/21/2014 10:00 PM, Dmitri

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-23 Thread Simo Sorce
On Fri, 2014-05-23 at 10:13 -0400, Rob Crittenden wrote: > This, I believe, has already been covered, but I'm concerned with the > (over)use of active/inactive in this discussion. > > I think use of "inactive" and "active" to describe users might be > confusing since there is already an account en

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-23 Thread Simo Sorce
On Fri, 2014-05-23 at 08:33 +0200, Martin Kosek wrote: > On 05/23/2014 07:48 AM, Jan Cholasta wrote: > > On 22.5.2014 19:27, Simo Sorce wrote: > >> On Thu, 2014-05-22 at 15:35 +0200, Martin Kosek wrote: > >>> On 05/21/2014 10:11 PM, Dmitri Pal wrote: > On 05/21/2014 03:06 PM, Martin Kosek wrot

Re: [Freeipa-devel] [PATCHES] 0540-0542 Add managed read permissions to user

2014-05-23 Thread Simo Sorce
On Fri, 2014-05-23 at 10:59 +0200, Martin Kosek wrote: > On 05/22/2014 04:20 PM, Petr Viktorin wrote: > > On 05/21/2014 12:14 PM, Simo Sorce wrote: > >> On Wed, 2014-05-21 at 08:03 +0200, Martin Kosek wrote: > >>> On 05/16/2014 04:33 PM, Petr Viktorin wrote: > On 05/16/2014 01:54 PM, Martin Ko

Re: [Freeipa-devel] Is CA certificate storage correct?

2014-05-23 Thread Martin Kosek
On 05/20/2014 11:16 AM, Jan Cholasta wrote: > On 20.5.2014 08:28, Martin Kosek wrote: >> Hi there, >> >> I checked the update CA Certificate renewal feature design page and one part >> seemed awkward to me: >> >> http://www.freeipa.org/page/V4/CA_certificate_renewal#Shared_certificate_store >> >> I

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-23 Thread Rob Crittenden
Martin Kosek wrote: > On 05/23/2014 07:48 AM, Jan Cholasta wrote: >> On 22.5.2014 19:27, Simo Sorce wrote: >>> On Thu, 2014-05-22 at 15:35 +0200, Martin Kosek wrote: On 05/21/2014 10:11 PM, Dmitri Pal wrote: > On 05/21/2014 03:06 PM, Martin Kosek wrote: >> On 05/21/2014 08:14 PM, Simo

Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread Rob Crittenden
Dmitri Pal wrote: > On 05/23/2014 06:42 AM, Martin Kosek wrote: >> On 05/23/2014 07:01 AM, James wrote: >>> I'm trying to understand some of the FreeIPA replication internals so >>> that I can better know how to do this properly in Puppet without >>> storing any secret information in Puppet, and so

Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread Martin Kosek
On 05/23/2014 03:28 PM, Dmitri Pal wrote: > On 05/23/2014 06:42 AM, Martin Kosek wrote: >> On 05/23/2014 07:01 AM, James wrote: >>> I'm trying to understand some of the FreeIPA replication internals so >>> that I can better know how to do this properly in Puppet without >>> storing any secret infor

Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread Dmitri Pal
On 05/23/2014 06:42 AM, Martin Kosek wrote: On 05/23/2014 07:01 AM, James wrote: I'm trying to understand some of the FreeIPA replication internals so that I can better know how to do this properly in Puppet without storing any secret information in Puppet, and so that automating FreeIPA is awes

Re: [Freeipa-devel] [PATCH] 0544 Remove the global anonymous read ACI

2014-05-23 Thread Martin Kosek
On 05/22/2014 04:03 PM, Petr Viktorin wrote: > On 05/21/2014 08:08 AM, Martin Kosek wrote: >> On 05/19/2014 03:27 PM, Petr Viktorin wrote: >>> On 05/16/2014 02:00 PM, Martin Kosek wrote: On 04/29/2014 11:02 PM, Petr Viktorin wrote: > I didn't test this as much as I'd like to, but it might

Re: [Freeipa-devel] Understanding FreeIPA replica internals

2014-05-23 Thread Martin Kosek
On 05/23/2014 07:01 AM, James wrote: > I'm trying to understand some of the FreeIPA replication internals so > that I can better know how to do this properly in Puppet without > storing any secret information in Puppet, and so that automating > FreeIPA is awesome. > > Please point me to any docs,

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-23 Thread thierry bordaz
On 05/23/2014 10:55 AM, Martin Kosek wrote: On 05/23/2014 10:22 AM, thierry bordaz wrote: On 05/23/2014 10:04 AM, Martin Kosek wrote: On 05/23/2014 09:34 AM, thierry bordaz wrote: ... 3) inactivate the user (active to inactive) ipa user-inactivate# (after the command

Re: [Freeipa-devel] [PATCHES] 0540-0542 Add managed read permissions to user

2014-05-23 Thread Martin Kosek
On 05/22/2014 04:20 PM, Petr Viktorin wrote: > On 05/21/2014 12:14 PM, Simo Sorce wrote: >> On Wed, 2014-05-21 at 08:03 +0200, Martin Kosek wrote: >>> On 05/16/2014 04:33 PM, Petr Viktorin wrote: On 05/16/2014 01:54 PM, Martin Kosek wrote: > On 04/29/2014 11:00 PM, Petr Viktorin wrote: >>>

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-23 Thread Martin Kosek
On 05/23/2014 10:22 AM, thierry bordaz wrote: > On 05/23/2014 10:04 AM, Martin Kosek wrote: >> On 05/23/2014 09:34 AM, thierry bordaz wrote: ... > 3) inactivate the user > > (active to inactive) ipa user-inactivate# (after the command > ipaUniqueID=) > >>

Re: [Freeipa-devel] [PATCH 0048] Default the token owner to the person adding the token

2014-05-23 Thread Alexander Bokovoy
On Fri, 23 May 2014, Jan Cholasta wrote: On 22.5.2014 16:21, Nathaniel McCallum wrote: I still need a review on this. On Wed, 2014-05-07 at 10:06 -0400, Nathaniel McCallum wrote: On Wed, 2014-05-07 at 15:54 +0200, Petr Vobornik wrote: On 6.5.2014 17:07, Nathaniel McCallum wrote: On Tue, 2014

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-23 Thread Jan Cholasta
On 23.5.2014 10:13, Petr Viktorin wrote: On 05/23/2014 08:33 AM, Martin Kosek wrote: On 05/23/2014 07:48 AM, Jan Cholasta wrote: On 22.5.2014 19:27, Simo Sorce wrote: On Thu, 2014-05-22 at 15:35 +0200, Martin Kosek wrote: On 05/21/2014 10:11 PM, Dmitri Pal wrote: On 05/21/2014 03:06 PM, Mart

Re: [Freeipa-devel] [PATCH 0052] Only specify the ipatokenuniqueid default in the add operation

2014-05-23 Thread Alexander Bokovoy
On Thu, 22 May 2014, Petr Viktorin wrote: On 05/22/2014 05:13 PM, Petr Vobornik wrote: On 22.5.2014 17:00, Nathaniel McCallum wrote: On Thu, 2014-05-22 at 10:53 -0400, Nathaniel McCallum wrote: On Thu, 2014-05-22 at 16:45 +0200, Petr Viktorin wrote: On 05/22/2014 04:12 PM, Nathaniel McCallum

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-23 Thread thierry bordaz
On 05/23/2014 10:04 AM, Martin Kosek wrote: On 05/23/2014 09:34 AM, thierry bordaz wrote: On 05/23/2014 08:29 AM, Martin Kosek wrote: On 05/22/2014 05:52 PM, thierry bordaz wrote: On 05/22/2014 04:38 PM, Martin Kosek wrote: On 05/22/2014 10:47 AM, Petr Viktorin wrote: On 05/21/2014 10:00 PM,

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-23 Thread Petr Viktorin
On 05/23/2014 08:33 AM, Martin Kosek wrote: On 05/23/2014 07:48 AM, Jan Cholasta wrote: On 22.5.2014 19:27, Simo Sorce wrote: On Thu, 2014-05-22 at 15:35 +0200, Martin Kosek wrote: On 05/21/2014 10:11 PM, Dmitri Pal wrote: On 05/21/2014 03:06 PM, Martin Kosek wrote: On 05/21/2014 08:14 PM, S

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-23 Thread thierry bordaz
On 05/22/2014 07:21 PM, Simo Sorce wrote: On Thu, 2014-05-22 at 17:52 +0200, thierry bordaz wrote: On 05/22/2014 04:38 PM, Martin Kosek wrote: On 05/22/2014 10:47 AM, Petr Viktorin wrote: On 05/21/2014 10:00 PM, Dmitri Pal wrote: On 05/19/2014 10:45 AM, thierry bordaz wrote: On 05/19/2014 04

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-23 Thread Martin Kosek
On 05/23/2014 09:34 AM, thierry bordaz wrote: > On 05/23/2014 08:29 AM, Martin Kosek wrote: >> On 05/22/2014 05:52 PM, thierry bordaz wrote: >>> On 05/22/2014 04:38 PM, Martin Kosek wrote: On 05/22/2014 10:47 AM, Petr Viktorin wrote: > On 05/21/2014 10:00 PM, Dmitri Pal wrote: >> On 05

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-23 Thread thierry bordaz
On 05/23/2014 08:29 AM, Martin Kosek wrote: On 05/22/2014 05:52 PM, thierry bordaz wrote: On 05/22/2014 04:38 PM, Martin Kosek wrote: On 05/22/2014 10:47 AM, Petr Viktorin wrote: On 05/21/2014 10:00 PM, Dmitri Pal wrote: On 05/19/2014 10:45 AM, thierry bordaz wrote: On 05/19/2014 04:44 PM, J