On 06/11/2014 09:18 PM, Fraser Tweedale wrote:
On Wed, Jun 11, 2014 at 08:55:20AM -0400, John Dennis wrote:
On 06/11/2014 04:02 AM, Fraser Tweedale wrote:
There are other use cases for user certificates, e.g. client
authentication for HTTP or other network services. Perhaps you know
of others
On Wed, Jun 11, 2014 at 08:55:20AM -0400, John Dennis wrote:
> On 06/11/2014 04:02 AM, Fraser Tweedale wrote:
> > There are other use cases for user certificates, e.g. client
> > authentication for HTTP or other network services. Perhaps you know
> > of others - in which case let us know.
>
> 802
On Wed, 2014-06-11 at 14:24 +0200, Jan Cholasta wrote:
> Hi,
>
> On 13.5.2014 18:40, Nathaniel McCallum wrote:
> > On Tue, 2014-05-13 at 12:38 -0400, Nathaniel McCallum wrote:
> >> This patch adds support for importing tokens using RFC 6030 key
> >> container files. This includes decryption suppor
On Wed, 2014-06-11 at 17:03 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Tue, 2014-06-10 at 14:27 -0400, Nathaniel McCallum wrote:
> >> On Tue, 2014-06-10 at 12:02 -0400, Simo Sorce wrote:
> >>> On Mon, 2014-06-09 at 21:49 -0400, Nathaniel McCallum wrote:
> On Mon, 2014-06-09 at 20:
Simo Sorce wrote:
> On Tue, 2014-06-10 at 14:27 -0400, Nathaniel McCallum wrote:
>> On Tue, 2014-06-10 at 12:02 -0400, Simo Sorce wrote:
>>> On Mon, 2014-06-09 at 21:49 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-09 at 20:58 -0400, Simo Sorce wrote:
> On Mon, 2014-06-09 at 17:53 -0400
On Tue, 2014-06-10 at 20:13 -0400, Simo Sorce wrote:
> Still upgrading my server, so still untested, but again just to catch
> style issues, I'll post news once I can test the changes do not break
> functionality.
I finished upgrading the server and redid my functional testing.
Both getting ad se
On Wed, 2014-06-11 at 20:50 +0200, Petr Viktorin wrote:
> On 06/11/2014 08:17 PM, Simo Sorce wrote:
> > On Wed, 2014-06-11 at 13:54 -0400, Simo Sorce wrote:
> >> On Wed, 2014-06-11 at 13:36 -0400, Simo Sorce wrote:
> >>> Ok now ipa-ldap-updater does a lot more and passes through schema
> >>> upgrad
On 06/11/2014 08:17 PM, Simo Sorce wrote:
On Wed, 2014-06-11 at 13:54 -0400, Simo Sorce wrote:
On Wed, 2014-06-11 at 13:36 -0400, Simo Sorce wrote:
Ok now ipa-ldap-updater does a lot more and passes through schema
upgrade, however it fails again later complaining ipaVirtualOperation
is
an unkno
On Wed, 2014-06-11 at 13:54 -0400, Simo Sorce wrote:
> On Wed, 2014-06-11 at 13:36 -0400, Simo Sorce wrote:
> > Ok now ipa-ldap-updater does a lot more and passes through schema
> > upgrade, however it fails again later complaining ipaVirtualOperation
> > is
> > an unknown object class ..
>
> Ok I
On Wed, 2014-06-11 at 13:36 -0400, Simo Sorce wrote:
> Ok now ipa-ldap-updater does a lot more and passes through schema
> upgrade, however it fails again later complaining ipaVirtualOperation
> is
> an unknown object class ..
Ok I manually added ipaVirtualOperation to user99.ldif, and the updater
On Wed, 2014-06-11 at 13:30 -0400, Simo Sorce wrote:
> On Wed, 2014-06-11 at 19:08 +0200, Petr Viktorin wrote:
> > On 06/11/2014 06:58 PM, Simo Sorce wrote:
> > > On Wed, 2014-06-11 at 18:48 +0200, Petr Viktorin wrote:
> > >> On 06/11/2014 06:45 PM, Simo Sorce wrote:
> > >>> On Wed, 2014-06-11 at 1
On Wed, 2014-06-11 at 13:32 -0400, Simo Sorce wrote:
> On Wed, 2014-06-11 at 13:30 -0400, Simo Sorce wrote:
> > On Wed, 2014-06-11 at 19:08 +0200, Petr Viktorin wrote:
> > > On 06/11/2014 06:58 PM, Simo Sorce wrote:
> > > > On Wed, 2014-06-11 at 18:48 +0200, Petr Viktorin wrote:
> > > >> On 06/11/2
On Wed, 2014-06-11 at 19:08 +0200, Petr Viktorin wrote:
> On 06/11/2014 06:58 PM, Simo Sorce wrote:
> > On Wed, 2014-06-11 at 18:48 +0200, Petr Viktorin wrote:
> >> On 06/11/2014 06:45 PM, Simo Sorce wrote:
> >>> On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote:
> On Wed, 2014-06-11
On Wed, 2014-06-11 at 13:07 -0400, John Dennis wrote:
> On 06/11/2014 12:12 PM, Nathaniel McCallum wrote:
> > On Wed, 2014-06-11 at 08:55 -0400, John Dennis wrote:
> >> On 06/11/2014 04:02 AM, Fraser Tweedale wrote:
> >>> There are other use cases for user certificates, e.g. client
> >>> authentica
On 06/11/2014 06:58 PM, Simo Sorce wrote:
On Wed, 2014-06-11 at 18:48 +0200, Petr Viktorin wrote:
On 06/11/2014 06:45 PM, Simo Sorce wrote:
On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote:
On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote:
Do the installed schema files have i
On 06/11/2014 12:12 PM, Nathaniel McCallum wrote:
> On Wed, 2014-06-11 at 08:55 -0400, John Dennis wrote:
>> On 06/11/2014 04:02 AM, Fraser Tweedale wrote:
>>> There are other use cases for user certificates, e.g. client
>>> authentication for HTTP or other network services. Perhaps you know
>>> o
On Wed, 2014-06-11 at 18:48 +0200, Petr Viktorin wrote:
> On 06/11/2014 06:45 PM, Simo Sorce wrote:
> > On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote:
> >> On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote:
>
> >>
> >> Do the installed schema files have ipatokenHOTP? Did you dump t
On Wed, 2014-06-11 at 12:47 -0400, Nathaniel McCallum wrote:
> On Wed, 2014-06-11 at 12:45 -0400, Simo Sorce wrote:
> > On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote:
> > > On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote:
> > > > On Wed, 2014-06-11 at 11:09 +0200, Petr Viktorin wr
On Wed, 2014-06-11 at 11:08 +0200, Tomas Babej wrote:
> Hi,
>
> As due to possible race conditions, the preop.pin might not be
> written in the CS.cfg at the time installer tries to read it.
>
> In case no value for preop.pin was found, retry until timeout
> was reached.
>
> https://fedorahosted
On 06/11/2014 06:45 PM, Simo Sorce wrote:
On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote:
On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote:
Do the installed schema files have ipatokenHOTP? Did you dump the schema
from 389DS to see if this object class is present?
They are n
On Wed, 2014-06-11 at 12:45 -0400, Simo Sorce wrote:
> On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote:
> > On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote:
> > > On Wed, 2014-06-11 at 11:09 +0200, Petr Viktorin wrote:
> > > > On 06/11/2014 02:48 AM, Simo Sorce wrote:
> > > > > I am
On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote:
> On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote:
> > On Wed, 2014-06-11 at 11:09 +0200, Petr Viktorin wrote:
> > > On 06/11/2014 02:48 AM, Simo Sorce wrote:
> > > > I am getting a failure to login in the UI
> > > >
> > > > The error
On Wed, 2014-06-11 at 12:12 +0200, Ludwig Krispenz wrote:
> On 05/13/2014 04:33 PM, Jan Cholasta wrote:
> > On 12.5.2014 21:02, Nathaniel McCallum wrote:
> >> On Thu, 2014-05-08 at 13:51 -0400, Simo Sorce wrote:
> >>> On Thu, 2014-05-08 at 12:26 -0400, Nathaniel McCallum wrote:
> On Wed, 2014-
Patch 0578 does the conversion
Patch 0579 fixes https://fedorahosted.org/freeipa/ticket/4252 and
provides permissions needed for automatic enrollment (from
http://projects.theforeman.org/projects/foreman/wiki/IPASmartProxyUser)
--
Petr³
From 7b138f8170cfce71f6cec55ad21cb27a2ef581b1 Mon Sep 1
On Wed, 2014-06-11 at 13:26 +0200, Petr Spacek wrote:
> Hello,
>
> Fix --ttl description for DNS zones
>
> TTL specified in idnsZone object class affects all records at zone apex,
> not only SOA record.
>
> I have realized that current description is incorrect when I was doing doc
> review.
AC
On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote:
> On Wed, 2014-06-11 at 11:09 +0200, Petr Viktorin wrote:
> > On 06/11/2014 02:48 AM, Simo Sorce wrote:
> > > I am getting a failure to login in the UI
> > >
> > > The error is somewhere in ldap/schema/subentry.py
> > >
> > > KeyError: 'ipattoken
On Wed, 2014-06-11 at 15:08 +0200, Petr Vobornik wrote:
> `memberdenycmd_sudocmd` and `memberdenycmd_sudocmdgroup` tables are now
> enabled/disabled based on `cmdcategory` as well.
>
> https://fedorahosted.org/freeipa/ticket/4361
ACK
I'm curious about the lack of space around the '+' operator in
Hello,
This patch (RFE 3813) is related to the stageuser plugin that
handles the workflow from/to Stage users.
ipa stageuser-add [--from-delete] []
ipa stageuser-mod
ipa stageuser-del
ipa stageuser-find
ipa stageuser-show
On Wed, 2014-06-11 at 08:55 -0400, John Dennis wrote:
> On 06/11/2014 04:02 AM, Fraser Tweedale wrote:
> > There are other use cases for user certificates, e.g. client
> > authentication for HTTP or other network services. Perhaps you know
> > of others - in which case let us know.
>
> 802.11 wir
On Wed, 2014-06-11 at 15:04 +0200, Petr Vobornik wrote:
> Update widget status text on update.
ACK
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Wed, 2014-06-11 at 15:07 +0200, Petr Vobornik wrote:
> Interface for setting default group is hidden when user doesn't have
> necessary rights or if there is some error while loading the state.
>
> https://fedorahosted.org/freeipa/ticket/4356
ACK
On Wed, 2014-06-11 at 15:09 +0200, Petr Vobornik wrote:
> part of
> https://fedorahosted.org/freeipa/ticket/2348
ACK
On 6/11/2014 6:06 AM, Petr Vobornik wrote:
1. If I recall correctly, a new user is required to change the password
upon the initial login. This can be done with kinit, but can this be
done via UI too? Right now a new user will get a login error without any
message or link to reset the password.
On 9.6.2014 16:08, Nathaniel McCallum wrote:
On Mon, 2014-06-09 at 15:59 +0200, Martin Basti wrote:
Patch attached.
View the patch for more details.
ACK
Pushed to master: d2d0da01526af41739e0eeef4273fcb71e40abc9
--
Petr Vobornik
On 06/10/2014 05:38 PM, Nathaniel McCallum wrote:
> On Tue, 2014-06-10 at 16:33 +0200, Martin Basti wrote:
>> DNS requires absolute zone name, host must provide it.
>> IDNA patch caused this.
>>
>> Patch attached.
>
> ACK
Pushed to master.
Martin
Patch set contains both API/server and Web UI parts.
[PATCH] 659 ldap2: add otp support to modify_password
[PATCH] 660 rpcserver: add otp support to change_password handler
[PATCH] 661 ipa-passwd: add OTP support
[PATCH] 662 webui: support password change with OTP in login screen
[PATCH] 663 webu
part of
https://fedorahosted.org/freeipa/ticket/2348
--
Petr Vobornik
From c2f35f0a185d7c93137c053796cd3f457846725d Mon Sep 17 00:00:00 2001
From: Petr Vobornik
Date: Thu, 29 May 2014 14:57:29 +0200
Subject: [PATCH] webui: add sudoorder field to sudo rule page
part of
https://fedorahosted.org/fr
`memberdenycmd_sudocmd` and `memberdenycmd_sudocmdgroup` tables are now
enabled/disabled based on `cmdcategory` as well.
https://fedorahosted.org/freeipa/ticket/4361
--
Petr Vobornik
From 782a0472adb32dbae45cc4243bed092d4b0f315e Mon Sep 17 00:00:00 2001
From: Petr Vobornik
Date: Thu, 29 May 2014
Interface for setting default group is hidden when user doesn't have
necessary rights or if there is some error while loading the state.
https://fedorahosted.org/freeipa/ticket/4356
--
Petr Vobornik
From 317d407dbb76a0a6d54075eea435d2809314ce9b Mon Sep 17 00:00:00 2001
From: Petr Vobornik
Date:
It enables declarative extraction of values from partial
results of a batch commands and also further extensibility
in custom adapters.
The default adapter has detection logic for this extraction so
it can use bare record or extract data from normal or batch RPC
command.
Minor change of user plu
Update widget status text on update.
--
Petr Vobornik
From f03a810d7faa7981c750a61f4cbf6af5924744e4 Mon Sep 17 00:00:00 2001
From: Petr Vobornik
Date: Wed, 28 May 2014 16:08:23 +0200
Subject: [PATCH] webui: fix SSH Key widget update
Update widget status text on update.
---
install/ui/src/freeip
On 11.6.2014 13:29, Martin Kosek wrote:
On 06/11/2014 10:58 AM, Jan Cholasta wrote:
On 10.6.2014 09:55, Martin Kosek wrote:
On 06/06/2014 12:50 PM, Jan Cholasta wrote:
On 23.1.2014 14:34, Jan Cholasta wrote:
On 22.1.2014 16:43, Simo Sorce wrote:
On Wed, 2014-01-22 at 16:05 +0100, Jan Cholast
On 06/11/2014 04:02 AM, Fraser Tweedale wrote:
> There are other use cases for user certificates, e.g. client
> authentication for HTTP or other network services. Perhaps you know
> of others - in which case let us know.
802.11 wireless authentication using EAP-TLS
A common discussion on the RAD
On Wed, 2014-06-11 at 11:09 +0200, Petr Viktorin wrote:
> On 06/11/2014 02:48 AM, Simo Sorce wrote:
> > I am getting a failure to login in the UI
> >
> > The error is somewhere in ldap/schema/subentry.py
> >
> > KeyError: 'ipattokenhotp'
> >
> > A schema update may have failed I guess ?
> > but run
Hi,
On 13.5.2014 18:40, Nathaniel McCallum wrote:
On Tue, 2014-05-13 at 12:38 -0400, Nathaniel McCallum wrote:
This patch adds support for importing tokens using RFC 6030 key
container files. This includes decryption support. For sysadmin sanity,
any tokens which fail to add will be written to
On 10.6.2014 23:12, Endi Sukma Dewata wrote:
On 5/27/2014 5:50 AM, Petr Vobornik wrote:
using browser history when unauthenticated causes transition to
the original and/or preceding facets. But nothing works since
all commands fail due to expired credentials in session.
These changes make sure
On 10.6.2014 23:11, Endi Sukma Dewata wrote:
On 5/29/2014 10:15 AM, Petr Vobornik wrote:
On 27.5.2014 12:49, Petr Vobornik wrote:
Dialog instances no longer directly call IPA.opened_dialog methods. It's
handled through events (decoupled from dialog's POV). IPA.open_dialogs
with assistance of Ap
On 06/11/2014 10:58 AM, Jan Cholasta wrote:
> On 10.6.2014 09:55, Martin Kosek wrote:
>> On 06/06/2014 12:50 PM, Jan Cholasta wrote:
>>> On 23.1.2014 14:34, Jan Cholasta wrote:
On 22.1.2014 16:43, Simo Sorce wrote:
> On Wed, 2014-01-22 at 16:05 +0100, Jan Cholasta wrote:
>> On 22.1.201
Hello,
Fix --ttl description for DNS zones
TTL specified in idnsZone object class affects all records at zone apex,
not only SOA record.
I have realized that current description is incorrect when I was doing doc
review.
--
Petr^2 Spacek
From 1643277c1489ae72f18ac9cd280373350a09faf2 Mon Sep 17
On 06/10/2014 04:28 PM, Martin Kosek wrote:
On 06/10/2014 03:22 PM, Petr Viktorin wrote:
On 06/10/2014 01:30 PM, Martin Kosek wrote:
On 06/10/2014 10:05 AM, Petr Viktorin wrote:
On 06/09/2014 08:08 PM, Petr Viktorin wrote:
Having another verification tool should help reviewing the permission
On 10.6.2014 23:10, Endi Sukma Dewata wrote:
On 5/15/2014 8:58 AM, Petr Vobornik wrote:
Just an idea:
there is only one top level item in self service menu -> no point of
having this level.
This patch replaces top level with second menu level
original:
* http://pvoborni.fedorapeople.org/image
On 05/13/2014 04:33 PM, Jan Cholasta wrote:
On 12.5.2014 21:02, Nathaniel McCallum wrote:
On Thu, 2014-05-08 at 13:51 -0400, Simo Sorce wrote:
On Thu, 2014-05-08 at 12:26 -0400, Nathaniel McCallum wrote:
On Wed, 2014-05-07 at 11:17 -0400, Simo Sorce wrote:
On Wed, 2014-05-07 at 09:54 -0400,
On 06/11/2014 11:32 AM, Jan Cholasta wrote:
On 6.6.2014 19:04, Nathaniel McCallum wrote:
On Thu, 2014-06-05 at 08:45 +0200, Jan Cholasta wrote:
On 28.5.2014 22:44, Nathaniel McCallum wrote:
On Mon, 2014-05-26 at 16:57 +0200, Jan Cholasta wrote:
On 13.5.2014 19:12, Nathaniel McCallum wrote:
On 6.6.2014 19:04, Nathaniel McCallum wrote:
On Thu, 2014-06-05 at 08:45 +0200, Jan Cholasta wrote:
On 28.5.2014 22:44, Nathaniel McCallum wrote:
On Mon, 2014-05-26 at 16:57 +0200, Jan Cholasta wrote:
On 13.5.2014 19:12, Nathaniel McCallum wrote:
On Tue, 2014-05-13 at 16:33 +0200, Jan Cholast
On 06/11/2014 02:48 AM, Simo Sorce wrote:
I am getting a failure to login in the UI
The error is somewhere in ldap/schema/subentry.py
KeyError: 'ipattokenhotp'
A schema update may have failed I guess ?
but running ipa-ldap-updater doesn't help ...
Ideas ?
Do you have the full traceback?
-
Hi,
As due to possible race conditions, the preop.pin might not be
written in the CS.cfg at the time installer tries to read it.
In case no value for preop.pin was found, retry until timeout
was reached.
https://fedorahosted.org/freeipa/ticket/3382
(applies on ipa-3-0 branch)
--
Tomas Babej
A
On 10.6.2014 09:55, Martin Kosek wrote:
On 06/06/2014 12:50 PM, Jan Cholasta wrote:
On 23.1.2014 14:34, Jan Cholasta wrote:
On 22.1.2014 16:43, Simo Sorce wrote:
On Wed, 2014-01-22 at 16:05 +0100, Jan Cholasta wrote:
On 22.1.2014 15:34, Simo Sorce wrote:
On Wed, 2014-01-22 at 10:40 +0100, Ja
On 10.6.2014 23:10, Endi Sukma Dewata wrote:
On 4/30/2014 5:28 AM, Petr Vobornik wrote:
Web UI part of pviktori-543
https://fedorahosted.org/freeipa/ticket/3801
ACK.
Pushed to master: 9c97bbd347b89634a844726c5d1f0ef39df4d139
--
Petr Vobornik
On 10.6.2014 23:10, Endi Sukma Dewata wrote:
On 5/14/2014 9:41 AM, Petr Vobornik wrote:
GID field should be enabled by default since the default group is posix.
Was caused by option_widget_base not properly reporting value change
while
selecting the default value. It has to be notified with del
Hi all,
Use cases are emerging for user certificates in FreeIPA. Some
include:
- VPN certificates. A user logs into an IPA domain. They are not
connected to a wired network so a background service (SSSD or
other) acquires a short-lived client certificate for connecting to
the company VPN
On 06/10/2014 07:11 PM, Petr Vobornik wrote:
> On 10.6.2014 17:29, Nathaniel McCallum wrote:
>> On Tue, 2014-06-10 at 16:45 +0200, Jan Cholasta wrote:
>>> Hi,
>>>
>>> On 6.6.2014 20:33, Nathaniel McCallum wrote:
I kept seeing the old plugin registration style when writing/reviewing
code a