Drew Erny wrote:
Hi, freeipa-devel,
More newbie questions. I have what I believe to be a fix for Ticket
#2547 (https://fedorahosted.org/freeipa/ticket/2547) written, but I need
to test this fix. I need to migrate an LDAP database that is in the
previously expected for (all users and groups
On Thu, 28 May 2015, Martin Kosek wrote:
On 05/28/2015 04:27 PM, Drew Erny wrote:
In the ticket, however, it's stated that if the user wants to use any
combination of weird characters, they should be able to. Would it be better to
just define a function like
def validate_username(username,
On 05/28/2015 05:53 PM, Ludwig Krispenz wrote:
On 05/28/2015 05:35 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 17:18 +0200, Ludwig Krispenz wrote:
On 05/28/2015 05:03 PM, Martin Kosek wrote:
On 05/28/2015 04:59 PM, Ludwig Krispenz wrote:
On 05/28/2015 04:46 PM, Simo Sorce wrote:
On Thu,
Hi, freeipa-devel,
More newbie questions. I have what I believe to be a fix for Ticket
#2547 (https://fedorahosted.org/freeipa/ticket/2547) written, but I need
to test this fix. I need to migrate an LDAP database that is in the
previously expected for (all users and groups under 1 level) and
Ok, so should I write a regex that matches that broader pattern, and
only allow sudorules users to be added that follow those broader
restrictions?
On 05/28/2015 02:09 PM, Alexander Bokovoy wrote:
On Thu, 28 May 2015, Martin Kosek wrote:
On 05/28/2015 04:27 PM, Drew Erny wrote:
In the
On Thu, May 28, 2015 at 02:42:53PM +0200, Martin Basti wrote:
On 28/05/15 11:48, Martin Basti wrote:
On 27/05/15 16:04, Fraser Tweedale wrote:
Hello all,
Fresh certificate management patchset; Changelog:
- Now depends on patch freeipa-ftweedal-0014 for correct
cert-request behaviour with
On Wed, May 27, 2015 at 06:12:50PM +0200, Martin Basti wrote:
On 27/05/15 15:53, Fraser Tweedale wrote:
This patch adds supports for multiple user / host certificates. No
schema change is needed ('usercertificate' attribute is already
multi-value). The revoke-previous-cert behaviour of
On 2015-05-28 10:02, Jan Cholasta wrote:
The python-kdcproxy package is a new dependency for the freeipa-server
package. It will always get installed with the server.
Why? None of the IPA core functionality depends on it, so it should be
optional. Also the overall trend in IPA is to have
On 05/27/2015 01:04 PM, Martin Kosek wrote:
On 05/26/2015 04:32 PM, Petr Spacek wrote:
On 26.5.2015 16:16, Martin Kosek wrote:
...
If you really want to avoid unforeseen issues rather go and get rid of
major.minor logic we have in the topology plugin right now :-)
Ludwig, I thought we
On 28.5.2015 07:42, Jan Cholasta wrote:
Dne 27.5.2015 v 15:54 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 15:47 +0200, Jan Cholasta wrote:
Dne 27.5.2015 v 15:43 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 13:57 +0200, Jan Cholasta wrote:
ipa config-mod --enable-kdcproxy=TRUE
ipa
On 05/27/2015 08:17 PM, Martin Basti wrote:
On 27/05/15 19:27, Rob Crittenden wrote:
Martin Basti wrote:
Thank you.
I haven't finished review yet, but I have few notes in case you will
modify the patch.
Please fix following issues:
3)
There are many PEP8 errors, can you fix some of
Dne 26.5.2015 v 16:32 Petr Spacek napsal(a):
On 26.5.2015 16:16, Martin Kosek wrote:
On 05/26/2015 04:13 PM, thierry bordaz wrote:
On 05/26/2015 02:12 PM, Petr Spacek wrote:
Hello,
it came to my mind that domain level for topology plugin should actually be
number 2, not 1.
We already used
On 28.5.2015 08:55, Jan Cholasta wrote:
Dne 26.5.2015 v 16:32 Petr Spacek napsal(a):
On 26.5.2015 16:16, Martin Kosek wrote:
On 05/26/2015 04:13 PM, thierry bordaz wrote:
On 05/26/2015 02:12 PM, Petr Spacek wrote:
Hello,
it came to my mind that domain level for topology plugin should
On 2015-05-28 07:32, Jan Cholasta wrote:
Dne 27.5.2015 v 16:01 Christian Heimes napsal(a):
On 2015-05-27 15:51, Nathaniel McCallum wrote:
As I understand the problem, there is an assumption that an optional
component has a distinct service to start and stop. That is not the
case here. This is
On 05/27/2015 06:12 PM, Martin Basti wrote:
On 27/05/15 15:53, Fraser Tweedale wrote:
This patch adds supports for multiple user / host certificates. No
schema change is needed ('usercertificate' attribute is already
multi-value). The revoke-previous-cert behaviour of host-mod and
user-mod
Dne 28.5.2015 v 09:45 Christian Heimes napsal(a):
On 2015-05-28 07:32, Jan Cholasta wrote:
Dne 27.5.2015 v 16:01 Christian Heimes napsal(a):
On 2015-05-27 15:51, Nathaniel McCallum wrote:
As I understand the problem, there is an assumption that an optional
component has a distinct service to
On 05/28/2015 07:29 AM, Jan Cholasta wrote:
Dne 27.5.2015 v 15:51 Nathaniel McCallum napsal(a):
On Wed, 2015-05-27 at 15:47 +0200, Jan Cholasta wrote:
Dne 27.5.2015 v 15:43 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 13:57 +0200, Jan Cholasta wrote:
ipa config-mod --enable-kdcproxy=TRUE
On 05/28/2015 10:02 AM, Jan Cholasta wrote:
Dne 28.5.2015 v 09:45 Christian Heimes napsal(a):
On 2015-05-28 07:32, Jan Cholasta wrote:
Dne 27.5.2015 v 16:01 Christian Heimes napsal(a):
On 2015-05-27 15:51, Nathaniel McCallum wrote:
As I understand the problem, there is an assumption that an
On 05/27/2015 05:05 PM, Oleg Fayans wrote:
On 05/27/2015 04:59 PM, Martin Kosek wrote:
Hello all,
As FreeIPA 4.2 deadlines are approaching us slowly, there is a concern that
not
all of the new replica install way (replication-package-less) based on
Custodia
would be done and finished
Dne 27.5.2015 v 19:38 Rob Crittenden napsal(a):
Petr Vobornik wrote:
On 05/27/2015 05:46 PM, Alexander Bokovoy wrote:
On Wed, 27 May 2015, Rob Crittenden wrote:
Petr Vobornik wrote:
On 05/20/2015 06:02 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
Add a plugin to
On Thu, May 28, 2015 at 10:40:22AM +0200, Martin Basti wrote:
On 28/05/15 10:13, Fraser Tweedale wrote:
On Wed, May 27, 2015 at 06:12:50PM +0200, Martin Basti wrote:
On 27/05/15 15:53, Fraser Tweedale wrote:
This patch adds supports for multiple user / host certificates. No
schema change is
On 28/05/15 10:46, Martin Kosek wrote:
On 05/27/2015 06:12 PM, Martin Basti wrote:
On 27/05/15 15:53, Fraser Tweedale wrote:
This patch adds supports for multiple user / host certificates. No
schema change is needed ('usercertificate' attribute is already
multi-value). The
On 28/05/15 11:17, Fraser Tweedale wrote:
On Thu, May 28, 2015 at 10:40:22AM +0200, Martin Basti wrote:
On 28/05/15 10:13, Fraser Tweedale wrote:
On Wed, May 27, 2015 at 06:12:50PM +0200, Martin Basti wrote:
On 27/05/15 15:53, Fraser Tweedale wrote:
This patch adds supports for multiple user
Dne 28.5.2015 v 12:53 Christian Heimes napsal(a):
On 2015-05-28 12:46, Martin Kosek wrote:
I am fine with this too. So if there is not another major disagreement, let us
start with enabling KDCPROXY by default during upgrade/install, the new ACI and
the per-replica standard configuration.
API
On 05/28/2015 11:48 AM, Martin Basti wrote:
On 27/05/15 16:04, Fraser Tweedale wrote:
Hello all,
Fresh certificate management patchset; Changelog:
- Now depends on patch freeipa-ftweedal-0014 for correct
cert-request behaviour with host and service principals.
- Updated Dogtag dependency
On Thu, 28 May 2015, Petr Spacek wrote:
On 28.5.2015 07:42, Jan Cholasta wrote:
Dne 27.5.2015 v 15:54 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 15:47 +0200, Jan Cholasta wrote:
Dne 27.5.2015 v 15:43 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 13:57 +0200, Jan Cholasta wrote:
ipa
On 05/28/2015 11:17 AM, Martin Basti wrote:
On 28/05/15 10:46, Martin Kosek wrote:
On 05/27/2015 06:12 PM, Martin Basti wrote:
On 27/05/15 15:53, Fraser Tweedale wrote:
This patch adds supports for multiple user / host certificates. No
schema change is needed ('usercertificate' attribute is
Hi,
this couple of patches improves ID Views and ID overrides handling. See
commit messages for details.
Tomas
From 8acc50c10d9886668a0147b46f311f9aa83294bb Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 27 May 2015 14:31:13 +0200
Subject: [PATCH] idviews: Set dcerpc
On 28/05/15 12:53, Christian Heimes wrote:
On 2015-05-28 12:46, Martin Kosek wrote:
I am fine with this too. So if there is not another major disagreement, let us
start with enabling KDCPROXY by default during upgrade/install, the new ACI and
the per-replica standard configuration.
API CLI/UI
On 27/05/15 16:04, Fraser Tweedale wrote:
Hello all,
Fresh certificate management patchset; Changelog:
- Now depends on patch freeipa-ftweedal-0014 for correct
cert-request behaviour with host and service principals.
- Updated Dogtag dependency to 10.2.4-1. Should should be in f22
On 05/28/2015 12:27 PM, Alexander Bokovoy wrote:
On Thu, 28 May 2015, Christian Heimes wrote:
On 2015-05-28 12:10, Petr Spacek wrote:
I see. My question is - if we go this way, what is then the reasonable
subset
configuration functionality realistic for FreeIPA 4.2 GA? (As we want this
On 28.5.2015 11:59, Martin Kosek wrote:
On 05/28/2015 11:12 AM, Alexander Bokovoy wrote:
On Thu, 28 May 2015, Petr Spacek wrote:
On 28.5.2015 07:42, Jan Cholasta wrote:
Dne 27.5.2015 v 15:54 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 15:47 +0200, Jan Cholasta wrote:
Dne 27.5.2015 v 15:43
On Thu, 28 May 2015, Christian Heimes wrote:
On 2015-05-28 12:10, Petr Spacek wrote:
I see. My question is - if we go this way, what is then the reasonable subset
configuration functionality realistic for FreeIPA 4.2 GA? (As we want this
feature in for 4.2). Is ipa-kdcproxy-manage doable?
What
On 28.5.2015 12:53, Christian Heimes wrote:
On 2015-05-28 12:46, Martin Kosek wrote:
I am fine with this too. So if there is not another major disagreement,
let us start with enabling KDCPROXY by default during upgrade/install,
the new ACI and the per-replica standard configuration.
API
Dne 28.5.2015 v 13:56 Christian Heimes napsal(a):
On 2015-05-28 13:30, Jan Cholasta wrote:
Dne 28.5.2015 v 12:53 Christian Heimes napsal(a):
On 2015-05-28 12:46, Martin Kosek wrote:
I am fine with this too. So if there is not another major
disagreement, let us
start with enabling KDCPROXY by
On 28/05/15 14:06, Christian Heimes wrote:
On 2015-05-28 13:29, Martin Basti wrote:
On 28/05/15 12:53, Christian Heimes wrote:
On 2015-05-28 12:46, Martin Kosek wrote:
I am fine with this too. So if there is not another major disagreement, let us
start with enabling KDCPROXY by default during
On Thu, 2015-05-28 at 14:43 +0200, Martin Babinsky wrote:
A small improvement upon simo's fix for
https://fedorahosted.org/freeipa/ticket/4914
--
Martin^3 Babinsky
LGTM.
Simo.
--
Manage your subscription for the Freeipa-devel mailing list:
On 05/28/2015 03:06 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 07:42 +0200, Jan Cholasta wrote:
Dne 27.5.2015 v 15:54 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 15:47 +0200, Jan Cholasta wrote:
Dne 27.5.2015 v 15:43 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 13:57 +0200, Jan Cholasta
On Thu, 2015-05-28 at 12:14 +0300, Alexander Bokovoy wrote:
On Thu, 28 May 2015, Martin Kosek wrote:
On 05/28/2015 10:02 AM, Jan Cholasta wrote:
Dne 28.5.2015 v 09:45 Christian Heimes napsal(a):
On 2015-05-28 07:32, Jan Cholasta wrote:
Dne 27.5.2015 v 16:01 Christian Heimes napsal(a):
On
On 2015-05-28 13:30, Jan Cholasta wrote:
Dne 28.5.2015 v 12:53 Christian Heimes napsal(a):
On 2015-05-28 12:46, Martin Kosek wrote:
I am fine with this too. So if there is not another major
disagreement, let us
start with enabling KDCPROXY by default during upgrade/install, the
new ACI and
On 28/05/15 14:29, Petr Spacek wrote:
On 28.5.2015 12:06, Fraser Tweedale wrote:
On Thu, May 28, 2015 at 11:52:25AM +0200, Martin Kosek wrote:
On 05/28/2015 11:17 AM, Martin Basti wrote:
On 28/05/15 10:46, Martin Kosek wrote:
On 05/27/2015 06:12 PM, Martin Basti wrote:
On 27/05/15 15:53,
On Thu, 2015-05-28 at 14:11 +0200, Petr Spacek wrote:
On 28.5.2015 10:49, Martin Kosek wrote:
On 05/28/2015 09:05 AM, Petr Spacek wrote:
On 28.5.2015 08:55, Jan Cholasta wrote:
Dne 26.5.2015 v 16:32 Petr Spacek napsal(a):
On 26.5.2015 16:16, Martin Kosek wrote:
On 05/26/2015 04:13 PM,
On 05/28/2015 03:52 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:39 +0200, Oleg Fayans wrote:
On 05/28/2015 03:26 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:11 +0200, Petr Spacek wrote:
On 28.5.2015 10:49, Martin Kosek wrote:
On 05/28/2015 09:05 AM, Petr Spacek wrote:
On 28.5.2015
On Thu, 2015-05-28 at 16:04 +0200, Martin Kosek wrote:
On 05/28/2015 04:04 PM, Ludwig Krispenz wrote:
On 05/28/2015 04:00 PM, Martin Kosek wrote:
On 05/28/2015 03:57 PM, Ludwig Krispenz wrote:
On 05/28/2015 03:47 PM, Martin Kosek wrote:
On 05/27/2015 04:59 PM, Martin Kosek wrote:
...
Hi Simo,
On 05/28/2015 03:52 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:39 +0200, Oleg Fayans wrote:
On 05/28/2015 03:26 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:11 +0200, Petr Spacek wrote:
On 28.5.2015 10:49, Martin Kosek wrote:
On 05/28/2015 09:05 AM, Petr Spacek wrote:
On
Hello,
thanks you for your input. The former thread has 58 messages in total.
Since last Friday we have came to an agreement in most points. I like to
some up our decisions and focus on some minor details.
decisions
-
python-kdcproxy will be installed as a dependency of freeipa-server.
On 05/28/2015 04:07 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 16:02 +0200, Martin Kosek wrote:
On 05/28/2015 04:00 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:47 +0200, Martin Kosek wrote:
On 05/27/2015 04:59 PM, Martin Kosek wrote:
...
Domain Levels
- Done, committed
- Defaults to
On Thu, 2015-05-28 at 16:02 +0200, Jan Cholasta wrote:
f3010498af2a4b98512d219b8e09101176c172fe.
This is perfect! Thanks a lot.
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
On Thu, 2015-05-28 at 16:23 +0200, Oleg Fayans wrote:
Hi Simo,
On 05/28/2015 03:52 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:39 +0200, Oleg Fayans wrote:
On 05/28/2015 03:26 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:11 +0200, Petr Spacek wrote:
On 28.5.2015 10:49, Martin
OK, I see now what you mean by that. That is a simpler solution. I'll do
it that way.
On 05/28/2015 04:44 AM, Martin Kosek wrote:
On 05/27/2015 08:41 PM, Drew Erny wrote:
Hey, Freeipa-devel,
I'm working on ticket #3226 (https://fedorahosted.org/freeipa/ticket/3226)
I've identified the
On 05/28/2015 02:29 PM, Petr Spacek wrote:
On 28.5.2015 12:06, Fraser Tweedale wrote:
On Thu, May 28, 2015 at 11:52:25AM +0200, Martin Kosek wrote:
On 05/28/2015 11:17 AM, Martin Basti wrote:
On 28/05/15 10:46, Martin Kosek wrote:
On 05/27/2015 06:12 PM, Martin Basti wrote:
On 27/05/15
On 05/28/2015 04:00 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:47 +0200, Martin Kosek wrote:
On 05/27/2015 04:59 PM, Martin Kosek wrote:
...
Domain Levels
- Done, committed
- Defaults to Level 1, i.e. Topology plugin powered infra enabled
With respect to related Simo's response in
Dne 28.5.2015 v 16:00 Simo Sorce napsal(a):
On Thu, 2015-05-28 at 15:47 +0200, Martin Kosek wrote:
On 05/27/2015 04:59 PM, Martin Kosek wrote:
...
Domain Levels
- Done, committed
- Defaults to Level 1, i.e. Topology plugin powered infra enabled
With respect to related Simo's response in
On 05/28/2015 04:04 PM, Martin Kosek wrote:
On 05/28/2015 04:04 PM, Ludwig Krispenz wrote:
On 05/28/2015 04:00 PM, Martin Kosek wrote:
On 05/28/2015 03:57 PM, Ludwig Krispenz wrote:
On 05/28/2015 03:47 PM, Martin Kosek wrote:
On 05/27/2015 04:59 PM, Martin Kosek wrote:
...
Domain Levels
-
On 05/28/2015 04:17 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 16:04 +0200, Martin Kosek wrote:
On 05/28/2015 04:04 PM, Ludwig Krispenz wrote:
On 05/28/2015 04:00 PM, Martin Kosek wrote:
On 05/28/2015 03:57 PM, Ludwig Krispenz wrote:
On 05/28/2015 03:47 PM, Martin Kosek wrote:
On
On Thu, 2015-05-28 at 15:43 +0200, Martin Kosek wrote:
On 05/28/2015 02:29 PM, Petr Spacek wrote:
On 28.5.2015 12:06, Fraser Tweedale wrote:
On Thu, May 28, 2015 at 11:52:25AM +0200, Martin Kosek wrote:
On 05/28/2015 11:17 AM, Martin Basti wrote:
On 28/05/15 10:46, Martin Kosek wrote:
On 05/28/2015 03:47 PM, Martin Kosek wrote:
On 05/27/2015 04:59 PM, Martin Kosek wrote:
...
Domain Levels
- Done, committed
- Defaults to Level 1, i.e. Topology plugin powered infra enabled
With respect to related Simo's response in
On 28.5.2015 15:43, Martin Kosek wrote:
On 05/28/2015 02:29 PM, Petr Spacek wrote:
On 28.5.2015 12:06, Fraser Tweedale wrote:
On Thu, May 28, 2015 at 11:52:25AM +0200, Martin Kosek wrote:
On 05/28/2015 11:17 AM, Martin Basti wrote:
On 28/05/15 10:46, Martin Kosek wrote:
On 05/27/2015 06:12
On Thu, 2015-05-28 at 15:47 +0200, Martin Kosek wrote:
On 05/27/2015 04:59 PM, Martin Kosek wrote:
...
Domain Levels
- Done, committed
- Defaults to Level 1, i.e. Topology plugin powered infra enabled
With respect to related Simo's response in
On 05/28/2015 03:57 PM, Ludwig Krispenz wrote:
On 05/28/2015 03:47 PM, Martin Kosek wrote:
On 05/27/2015 04:59 PM, Martin Kosek wrote:
...
Domain Levels
- Done, committed
- Defaults to Level 1, i.e. Topology plugin powered infra enabled
With respect to related Simo's response in
On Thu, 2015-05-28 at 16:02 +0200, Martin Kosek wrote:
On 05/28/2015 04:00 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:47 +0200, Martin Kosek wrote:
On 05/27/2015 04:59 PM, Martin Kosek wrote:
...
Domain Levels
- Done, committed
- Defaults to Level 1, i.e. Topology plugin powered
On 28/05/15 16:29, Simo Sorce wrote:
On Thu, 2015-05-28 at 16:23 +0200, Oleg Fayans wrote:
Hi Simo,
On 05/28/2015 03:52 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:39 +0200, Oleg Fayans wrote:
On 05/28/2015 03:26 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:11 +0200, Petr Spacek wrote:
On Thu, 2015-05-28 at 15:54 +0200, Ludwig Krispenz wrote:
On 05/28/2015 03:26 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:11 +0200, Petr Spacek wrote:
On 28.5.2015 10:49, Martin Kosek wrote:
On 05/28/2015 09:05 AM, Petr Spacek wrote:
On 28.5.2015 08:55, Jan Cholasta wrote:
Dne
On Thu, 2015-05-28 at 10:48 -0400, Nathaniel McCallum wrote:
On Thu, 2015-05-28 at 16:34 +0200, Christian Heimes wrote:
Hello,
thanks you for your input. The former thread has 58 messages in
total.
Since last Friday we have came to an agreement in most points. I like
to
some up
On Thu, 2015-05-28 at 10:46 -0400, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:54 +0200, Ludwig Krispenz wrote:
On 05/28/2015 03:26 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:11 +0200, Petr Spacek wrote:
On 28.5.2015 10:49, Martin Kosek wrote:
On 05/28/2015 09:05 AM, Petr Spacek
On Thu, 2015-05-28 at 16:14 +0200, Martin Kosek wrote:
On 05/28/2015 04:07 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 16:02 +0200, Martin Kosek wrote:
On 05/28/2015 04:00 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:47 +0200, Martin Kosek wrote:
On 05/27/2015 04:59 PM, Martin Kosek
On 2015-05-28 16:53, Simo Sorce wrote:
We can't have 2 different keytabs with the same principal name.
If we need privilege separation we'll have to work on integrating
GSS-Proxy and give the keytab only to GSS-Proxy leaving it off the hands
of both the framework, the proxy, and apache itself.
On 05/28/2015 04:46 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:54 +0200, Ludwig Krispenz wrote:
On 05/28/2015 03:26 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:11 +0200, Petr Spacek wrote:
On 28.5.2015 10:49, Martin Kosek wrote:
On 05/28/2015 09:05 AM, Petr Spacek wrote:
On
On 2015-05-28 16:48, Nathaniel McCallum wrote:
An apache module would also provide similar benefits. I'm not sure I
necessarily want to stick with python here if we're optimizing for
performance. Another option would be to add it to the KDC itself and
proxy through Apache like we do for
On 05/28/2015 04:27 PM, Drew Erny wrote:
In the ticket, however, it's stated that if the user wants to use any
combination of weird characters, they should be able to. Would it be better to
just define a function like
def validate_username(username, ignore_pattern=False):
and have it
On Thu, 2015-05-28 at 16:59 +0200, Ludwig Krispenz wrote:
On 05/28/2015 04:46 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:54 +0200, Ludwig Krispenz wrote:
On 05/28/2015 03:26 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:11 +0200, Petr Spacek wrote:
On 28.5.2015 10:49, Martin Kosek
On 05/28/2015 05:03 PM, Martin Kosek wrote:
On 05/28/2015 04:59 PM, Ludwig Krispenz wrote:
On 05/28/2015 04:46 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:54 +0200, Ludwig Krispenz wrote:
On 05/28/2015 03:26 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:11 +0200, Petr Spacek wrote:
On
On 05/28/2015 04:57 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 16:14 +0200, Martin Kosek wrote:
On 05/28/2015 04:07 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 16:02 +0200, Martin Kosek wrote:
On 05/28/2015 04:00 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:47 +0200, Martin Kosek wrote:
On 05/28/2015 04:59 PM, Ludwig Krispenz wrote:
On 05/28/2015 04:46 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:54 +0200, Ludwig Krispenz wrote:
On 05/28/2015 03:26 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 14:11 +0200, Petr Spacek wrote:
On 28.5.2015 10:49, Martin Kosek wrote:
On
On Thu, 2015-05-28 at 16:34 +0200, Christian Heimes wrote:
Hello,
thanks you for your input. The former thread has 58 messages in
total.
Since last Friday we have came to an agreement in most points. I like
to
some up our decisions and focus on some minor details.
decisions
-
On Thu, 2015-05-28 at 17:07 +0200, Christian Heimes wrote:
On 2015-05-28 16:48, Nathaniel McCallum wrote:
An apache module would also provide similar benefits. I'm not sure
I
necessarily want to stick with python here if we're optimizing for
performance. Another option would be to add it
On Thu, 2015-05-28 at 17:00 +0200, Christian Heimes wrote:
On 2015-05-28 16:53, Simo Sorce wrote:
We can't have 2 different keytabs with the same principal name.
If we need privilege separation we'll have to work on integrating
GSS-Proxy and give the keytab only to GSS-Proxy leaving it off
On 2015-05-28 17:10, Simo Sorce wrote:
On Thu, 2015-05-28 at 17:00 +0200, Christian Heimes wrote:
On 2015-05-28 16:53, Simo Sorce wrote:
We can't have 2 different keytabs with the same principal name.
If we need privilege separation we'll have to work on integrating
GSS-Proxy and give the
Simo Sorce wrote:
On Thu, 2015-05-28 at 17:00 +0200, Christian Heimes wrote:
On 2015-05-28 16:53, Simo Sorce wrote:
We can't have 2 different keytabs with the same principal name.
If we need privilege separation we'll have to work on integrating
GSS-Proxy and give the keytab only to GSS-Proxy
On 2015-05-28 13:29, Martin Basti wrote:
On 28/05/15 12:53, Christian Heimes wrote:
On 2015-05-28 12:46, Martin Kosek wrote:
I am fine with this too. So if there is not another major disagreement, let
us
start with enabling KDCPROXY by default during upgrade/install, the new ACI
and
the
Hi,
functionality seems to work fine. I have not checked the code thoroughly.
Kind of a test is attached (requires setting named's ldap connection
appropriately).
ACK
Matúš Honěk
- Original Message -
From: Petr Spacek pspa...@redhat.com
To: tho...@redhat.com, Matus Honek
On 05/28/2015 05:35 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 17:18 +0200, Ludwig Krispenz wrote:
On 05/28/2015 05:03 PM, Martin Kosek wrote:
On 05/28/2015 04:59 PM, Ludwig Krispenz wrote:
On 05/28/2015 04:46 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:54 +0200, Ludwig Krispenz wrote:
On Thu, 2015-05-28 at 17:13 +0200, Christian Heimes wrote:
On 2015-05-28 17:10, Simo Sorce wrote:
On Thu, 2015-05-28 at 17:00 +0200, Christian Heimes wrote:
On 2015-05-28 16:53, Simo Sorce wrote:
We can't have 2 different keytabs with the same principal name.
If we need privilege
On Thu, 2015-05-28 at 17:18 +0200, Ludwig Krispenz wrote:
On 05/28/2015 05:03 PM, Martin Kosek wrote:
On 05/28/2015 04:59 PM, Ludwig Krispenz wrote:
On 05/28/2015 04:46 PM, Simo Sorce wrote:
On Thu, 2015-05-28 at 15:54 +0200, Ludwig Krispenz wrote:
On 05/28/2015 03:26 PM, Simo Sorce
84 matches
Mail list logo