Hi folks! I thought this might be of interest to the FreeIPA community,
so I thought I'd write it up here in case anyone missed it elsewhere.
I work on the Fedora QA team, and we have been using the openQA
automated test system (developed by our friends at SUSE) to run various
functional tests on
Hi,
Simo and I wrote an article on how to debug FreeIPA 4.5 privilege
separation code. It is not about debugging, in fact, but on where to
look for various types of logs and how to interpret them. The article
also provides a high level explanation of how privilege separation in
FreeIPA works and
URL: https://github.com/freeipa/freeipa/pull/746
Title: #746: KDC proxy URI records
simo5 commented:
"""
We can probably defer.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/746#issuecomment-298087667
--
Manage your subscription for the Freeipa-devel mailing list:
https:
URL: https://github.com/freeipa/freeipa/pull/746
Author: MartinBasti
Title: #746: KDC proxy URI records
Action: edited
Changed field: body
Original value:
"""
Automatic creation of KDC proxy URI records
Enables creation of following KDC proxy URL records per each replica:
```
_kerbe
URL: https://github.com/freeipa/freeipa/pull/746
Author: MartinBasti
Title: #746: KDC proxy URI records
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/746/head:pr746
git checkout pr746
From 0c6e1bf34b92cfe
URL: https://github.com/freeipa/freeipa/pull/746
Title: #746: KDC proxy URI records
MartinBasti commented:
"""
@simo5 not really a 4.5 material then
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/746#issuecomment-298039065
URL: https://github.com/freeipa/freeipa/pull/746
Title: #746: KDC proxy URI records
simo5 commented:
"""
@MartinBasti In this case we need a way to tell the system what are the
priorities and which protocols are enabled, priorities are important too,
admins need to be able to change them as th
URL: https://github.com/freeipa/freeipa/pull/746
Title: #746: KDC proxy URI records
MartinBasti commented:
"""
@simo5 we don't support manual changes of IPA system records, it is regenerated
automatically, so any manual changes are overwritten when: new replica is
added/replica is removed/user
URL: https://github.com/freeipa/freeipa/pull/746
Title: #746: KDC proxy URI records
simo5 commented:
"""
I am not entirely sure we want to care for the case where an admin disables KDC
Proxy in an automatic fashion; otherwise we would also need to check if TCP or
UDP are disabled and change tha
URL: https://github.com/freeipa/freeipa/pull/746
Author: MartinBasti
Title: #746: KDC proxy URI records
Action: edited
Changed field: body
Original value:
"""
Automatic creation of KDC proxy URI records
Enables creation of following KDC proxy URL records per each replica:
```
_kerbe
URL: https://github.com/freeipa/freeipa/pull/746
Author: MartinBasti
Title: #746: KDC proxy URI records
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/746/head:pr746
git checkout pr746
From d79bc35de7315c9
URL: https://github.com/freeipa/freeipa/pull/746
Author: MartinBasti
Title: #746: KDC proxy URI records
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/746/head:pr746
git checkout pr746
From 342158b9f427057
URL: https://github.com/freeipa/freeipa/pull/750
Title: #750: Fixed typo in ipa-client-install help output
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contrib
URL: https://github.com/freeipa/freeipa/pull/750
Author: tscherf
Title: #750: Fixed typo in ipa-client-install help output
Action: opened
PR body:
"""
Fixed typo in option "--all-ip-addresses" from "ipa-client-install".
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://githu
URL: https://github.com/freeipa/freeipa/pull/749
Author: olivergs
Title: #749: Added plugins directory to python2-ipaclient subpackage
Action: opened
PR body:
"""
Subpackage does not own that directory and could create conflicts if a plugin
creates it on its own
"""
To pull the PR as Git br
URL: https://github.com/freeipa/freeipa/pull/744
Title: #744: [4.5] Correct PyPI package dependencies
Label: +pushed
URL: https://github.com/freeipa/freeipa/pull/744
Title: #744: [4.5] Correct PyPI package dependencies
tomaskrizek commented:
"""
ipa-4-5:
* b91ee1294bb3139f3d9df62c75dd429a5821bf40 Correct PyPI package dependencies
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/744#issu
URL: https://github.com/freeipa/freeipa/pull/744
Author: tiran
Title: #744: [4.5] Correct PyPI package dependencies
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/744/head:pr744
git checkout pr744
URL: https://github.com/freeipa/freeipa/pull/748
Title: #748: restore: restart/reload gssproxy after restore
tomaskrizek commented:
"""
master:
* 3a4c8e39c3e38ec651cfcbb3cac59e0e92e04fe0 restore: restart/reload gssproxy
after restore
ipa-4-5:
* 04ed1fa3acdf002ecc37dde4f5d226c0fbe5aa30 resto
URL: https://github.com/freeipa/freeipa/pull/748
Author: pvoborni
Title: #748: restore: restart/reload gssproxy after restore
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/748/head:pr748
git checkout pr748
URL: https://github.com/freeipa/freeipa/pull/748
Title: #748: restore: restart/reload gssproxy after restore
Label: +pushed
URL: https://github.com/freeipa/freeipa/pull/748
Title: #748: restore: restart/reload gssproxy after restore
Label: +ack
URL: https://github.com/freeipa/freeipa/pull/748
Title: #748: restore: restart/reload gssproxy after restore
tomaskrizek commented:
"""
Ok, everything looks good then.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/748#issuecomment-297990127
URL: https://github.com/freeipa/freeipa/pull/744
Title: #744: [4.5] Correct PyPI package dependencies
Label: +ack
URL: https://github.com/freeipa/freeipa/pull/732
Title: #732: ipa-custodia: use Dogtag's alias/pwdfile.txt
MartinBasti commented:
"""
Postponing, ticket milestone is 4.7
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/732#issuecomment-297988800
URL: https://github.com/freeipa/freeipa/pull/732
Title: #732: ipa-custodia: use Dogtag's alias/pwdfile.txt
Label: +postponed
On 28.04.2017 14:17, Tomas Krizek wrote:
On 04/28/2017 10:15 AM, Petr Vobornik wrote:
Hi all,
I created "blocker" tag for FreeIPA GitHub PRs.
It should be used to mark PRs which solve a test blocker or other
functional blockers - e.g. blocks creation of demo. I.e. should be
used rather ra
URL: https://github.com/freeipa/freeipa/pull/748
Title: #748: restore: restart/reload gssproxy after restore
pvoborni commented:
"""
Should work:
```
def debian_service_class_factory(name, api=None):
if name == 'dirsrv':
return redhat_services.RedHatDirectoryService(name, api)
i
URL: https://github.com/freeipa/freeipa/pull/729
Author: pvomacka
Title: #729: Turn on NSSOCSP check in mod_nss conf
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/729/head:pr729
git checkout pr729
From 2d
On 04/28/2017 10:15 AM, Petr Vobornik wrote:
> Hi all,
>
> I created "blocker" tag for FreeIPA GitHub PRs.
>
> It should be used to mark PRs which solve a test blocker or other
> functional blockers - e.g. blocks creation of demo. I.e. should be
> used rather rarely.
>
> I don't like the tag nam
URL: https://github.com/freeipa/freeipa/pull/733
Title: #733: [4.5] Fix CA/server cert validation in FIPS
MartinBasti commented:
"""
ipa-4-5:
* 651d132b701b773b2bbeb41496d6c5ddbf6d19b3 Fix CA/server cert validation in FIPS
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/
URL: https://github.com/freeipa/freeipa/pull/733
Author: stlaz
Title: #733: [4.5] Fix CA/server cert validation in FIPS
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/733/head:pr733
git checkout pr733
URL: https://github.com/freeipa/freeipa/pull/733
Title: #733: [4.5] Fix CA/server cert validation in FIPS
Label: +pushed
URL: https://github.com/freeipa/freeipa/pull/748
Title: #748: restore: restart/reload gssproxy after restore
tomaskrizek commented:
"""
How is this patch going to work for Debian? Shouldn't we also implement
`reload_or_restart` for `DebianSysvService`?
"""
See the full comment at
https://gith
URL: https://github.com/freeipa/freeipa/pull/735
Title: #735: automount install: do not wait for sssd restart on uninstallation
MartinBasti commented:
"""
master:
* b4e447fa6fc7d659ae6a3b6285d4ddda0baa0be4 automount install: fix checking of
SSSD functionality on uninstall
ipa-4-5:
* ff513d6
URL: https://github.com/freeipa/freeipa/pull/735
Title: #735: automount install: do not wait for sssd restart on uninstallation
Label: +pushed
URL: https://github.com/freeipa/freeipa/pull/735
Author: pvoborni
Title: #735: automount install: do not wait for sssd restart on uninstallation
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/735/head:pr735
git
URL: https://github.com/freeipa/freeipa/pull/733
Author: stlaz
Title: #733: [4.5] Fix CA/server cert validation in FIPS
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/733/head:pr733
git checkout pr733
From
URL: https://github.com/freeipa/freeipa/pull/735
Title: #735: automount install: do not wait for sssd restart on uninstallation
Label: +ack
URL: https://github.com/freeipa/freeipa/pull/747
Title: #747: vault: piped input for ipa vault-add fails
MartinBasti commented:
"""
master:
* d5c41ed4ad370c7d74296a830993a5bd3fd32e5f vault: piped input for ipa vault-add
fails
ipa-4-5:
* c8ca0f89a68b5d57c56344fdeb12fd436976c726 vault: piped
URL: https://github.com/freeipa/freeipa/pull/747
Author: flo-renaud
Title: #747: vault: piped input for ipa vault-add fails
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/747/head:pr747
git checkout pr747
URL: https://github.com/freeipa/freeipa/pull/747
Title: #747: vault: piped input for ipa vault-add fails
Label: +pushed
URL: https://github.com/freeipa/freeipa/pull/741
Title: #741: 6.9 -> 7.4 migration fixes
stlaz commented:
"""
For the record - the tests are passing on my machine, something is not right here.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/741#issuecomment-297969953
URL: https://github.com/freeipa/freeipa/pull/729
Author: pvomacka
Title: #729: Turn on NSSOCSP check in mod_nss conf
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/729/head:pr729
git checkout pr729
From 96
URL: https://github.com/freeipa/freeipa/pull/738
Title: #738: restore: restart gssproxy after restore
Label: +rejected
URL: https://github.com/freeipa/freeipa/pull/738
Author: pvoborni
Title: #738: restore: restart gssproxy after restore
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/738/head:pr738
git checkout pr738
URL: https://github.com/freeipa/freeipa/pull/738
Title: #738: restore: restart gssproxy after restore
pvoborni commented:
"""
PR #748 obsoletes this one - this PR was created badly and so I cannot force
update it. New one uses reload-or-restart
"""
See the full comment at
https://github.com/f
URL: https://github.com/freeipa/freeipa/pull/748
Title: #748: restore: restart/reload gssproxy after restore
pvoborni commented:
"""
Obsoletes PR #738
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/748#issuecomment-297962322
URL: https://github.com/freeipa/freeipa/pull/748
Author: pvoborni
Title: #748: restore: restart/reload gssproxy after restore
Action: opened
PR body:
"""
So that gssproxy picks up new configuration and therefore related
usages like authentication of CLI against server works
https://pagure.io/
URL: https://github.com/freeipa/freeipa/pull/694
Author: martbab
Title: #694: RFC: implement local PKINIT deployment in server/replica install
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/694/head:pr694
git ch
URL: https://github.com/freeipa/freeipa/pull/694
Title: #694: RFC: implement local PKINIT deployment in server/replica install
HonzaCholasta commented:
"""
master:
* b1a1e104391c84cb9af7b0a7c8748c8652442ddb separate function to set
ipaConfigString values on service entry
* fb52f7a1f328b1266265
URL: https://github.com/freeipa/freeipa/pull/694
Title: #694: RFC: implement local PKINIT deployment in server/replica install
Label: +pushed
URL: https://github.com/freeipa/freeipa/pull/694
Title: #694: RFC: implement local PKINIT deployment in server/replica install
Label: +ack
On 2017-04-27 14:00, Martin Bašti wrote:
>
>
> On 26.04.2017 20:41, Simo Sorce wrote:
>> On Wed, 2017-04-26 at 12:57 +0200, Martin Bašti wrote:
>>> On 25.04.2017 16:57, Martin Bašti wrote:
Hello all,
I'm going to implement automatic URI records for kdc proxy and I'd
like to cl
URL: https://github.com/freeipa/freeipa/pull/694
Title: #694: RFC: implement local PKINIT deployment in server/replica install
HonzaCholasta commented:
"""
Works for me, ACK.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/694#issuecomment-297940885
Hi all,
I created "blocker" tag for FreeIPA GitHub PRs.
It should be used to mark PRs which solve a test blocker or other
functional blockers - e.g. blocks creation of demo. I.e. should be used
rather rarely.
I don't like the tag name, but I couldn't find better.
Note: blocker priority i
URL: https://github.com/freeipa/freeipa/pull/723
Title: #723: Store GSSAPI session key in /var/run/httpd
Label: -ack
URL: https://github.com/freeipa/freeipa/pull/723
Title: #723: Store GSSAPI session key in /var/run/httpd
Label: -pushed
URL: https://github.com/freeipa/freeipa/pull/747
Title: #747: vault: piped input for ipa vault-add fails
Label: +ack
URL: https://github.com/freeipa/freeipa/pull/747
Title: #747: vault: piped input for ipa vault-add fails
stlaz commented:
"""
Thank you for the brief action taken. Re-adding the ACK label.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/747#issuecomment-297935390
URL: https://github.com/freeipa/freeipa/pull/747
Title: #747: vault: piped input for ipa vault-add fails
flo-renaud commented:
"""
@stlaz
Thank you for the reminder. Commit msg updated with issue 6907
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/747#issuecomment-2979351
URL: https://github.com/freeipa/freeipa/pull/747
Author: flo-renaud
Title: #747: vault: piped input for ipa vault-add fails
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/747/head:pr747
git checkout pr747
URL: https://github.com/freeipa/freeipa/pull/741
Title: #741: 6.9 -> 7.4 migration fixes
Label: +blocker
URL: https://github.com/freeipa/freeipa/pull/747
Title: #747: vault: piped input for ipa vault-add fails
stlaz commented:
"""
@Akasurde: Don't add ACK label when the PR is not OK!
@flo-renaud: You will need to specify a ticket for this PR.
"""
See the full comment at
https://github.com/freeipa
URL: https://github.com/freeipa/freeipa/pull/747
Title: #747: vault: piped input for ipa vault-add fails
Label: -ack
URL: https://github.com/freeipa/freeipa/pull/694
Title: #694: RFC: implement local PKINIT deployment in server/replica install
Label: +blocker
URL: https://github.com/freeipa/freeipa/pull/741
Author: stlaz
Title: #741: 6.9 -> 7.4 migration fixes
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/741/head:pr741
git checkout pr741
From fddf366557e23806
On 28.04.2017 09:32, Martin Kosek wrote:
On 04/27/2017 04:16 PM, Simo Sorce wrote:
On Thu, 2017-04-27 at 15:56 +0200, Petr Vobornik wrote:
On 04/27/2017 02:19 PM, Christian Heimes wrote:
On 2017-04-27 14:00, Martin Bašti wrote:
I would like to discuss consequences of adding kdc URI records:
On 04/27/2017 04:16 PM, Simo Sorce wrote:
> On Thu, 2017-04-27 at 15:56 +0200, Petr Vobornik wrote:
>> On 04/27/2017 02:19 PM, Christian Heimes wrote:
>>> On 2017-04-27 14:00, Martin Bašti wrote:
I would like to discuss consequences of adding kdc URI records:
1. basically all ipa cli