On 03/24/2016 05:43 AM, Jan Pazdziora wrote:
On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
I created a design page for the feature:
http://www.freeipa.org/page/URI-based-HBAC-design
I try to put separate areas of concerns into separate emails to make
it easy to keep track.
On 06/12/2015 03:40 PM, Nathaniel McCallum wrote:
It doesn't apply again.
On Tue, 2015-06-09 at 15:55 +0200, Christian Heimes wrote:
On 2015-05-27 15:16, Christian Heimes wrote:
Hello,
here is my first patch for FreeIPA. The patch integrates python
-kdcproxy
for MS-KKDCP support (aka Kerberos
On 06/12/2015 03:34 PM, Drew Erny wrote:
Hey, all,
What fields, exactly, should a self-service user be able to enter?
Thanks,
Drew Erny
Start with the minimum: First and Last name, email address. The userid
is automatically assigned based on their name, and their is a high
likelyhood
On 06/11/2015 01:58 PM, Drew Erny wrote:
I'm looking for documentation that provides a broader overview of the
way the WebUI fits together and works. I have the source, of course,
and I've been through Petr Voborni's documentation found at
https://pvoborni.fedorapeople.org/doc/. That documentat
On 06/09/2015 04:44 PM, Alexander Bokovoy wrote:
On Tue, 09 Jun 2015, Drew Erny wrote:
Hey, Freeipa, same thread new subtopic.
So, I was bouncing some ideas around with another developer (ayoung)
and I think I have a pretty good idea for self-service user
registration.
The idea is that I pu
On 06/09/2015 06:34 PM, Simo Sorce wrote:
On Tue, 2015-06-09 at 16:15 -0400, Drew Erny wrote:
Hey, Freeipa, same thread new subtopic.
So, I was bouncing some ideas around with another developer (ayoung) and
I think I have a pretty good idea for self-service user registration.
The idea is that
On 05/28/2015 01:29 AM, Jan Cholasta wrote:
Dne 27.5.2015 v 15:51 Nathaniel McCallum napsal(a):
On Wed, 2015-05-27 at 15:47 +0200, Jan Cholasta wrote:
Dne 27.5.2015 v 15:43 Simo Sorce napsal(a):
On Wed, 2015-05-27 at 13:57 +0200, Jan Cholasta wrote:
ipa config-mod --enable-kdcproxy=TRUE
On 04/28/2015 11:58 AM, Innes, Duncan wrote:
Folks,
The A part of IPA has always been of great interest to me. Our
current IPA infrastructure works well at the I & P parts, giving us
great failover abilities and connectivity through hardware firewalls
without punching too many holes.
Whilst t
On 03/30/2015 11:52 AM, Simo Sorce wrote:
Since we now merged in a change from mod_auth_kerb to mod_auth_gssapi I
was wondering if we want to press further and emable by default the use
of native mod_auth_gssapi sessions ?
The old mod_auth_kerb didn't have this feature so, in order to have
decen
On 01/05/2015 04:47 AM, Petr Vobornik wrote:
Enforcing these restrictions could be solved by a 389 plugin but that
requires more work (from my POV).
Agreed. I don't think it can be properly done without the 389 plugin.
___
Freeipa-devel mailing list
On 12/22/2014 08:40 PM, Prashant Bapat wrote:
Hi,
We are planning to roll out FreeIPA for our AWS infrastructure to be
the central authentication service. Initially we plan to use the SSH
publi keys, user and group management by FreeIPA. We are looking at
rolling out the SSS on clients a litt
On 12/12/2014 07:33 AM, Joe Brockmeier wrote:
On 12/12/2014 03:15 AM, Kushal Das wrote:
It is time again to start discussion on the new features we want to
work for Fedora 22 release. The release schedule can be found at [1].
Please reply to this thread with the ideas you think will fit to
Fedo
On 06/02/2014 09:59 AM, Petr Vobornik wrote:
Hi List,
the purpose if this mail is to start a discussion about reorganization
of navigation items. Users are not fond of such change so we should
come up with a solution which would last for some time.
Problem:
UX recommendation is that one menu
On 02/28/2014 10:21 AM, Petr Viktorin wrote:
On 02/28/2014 04:15 PM, Alexander Bokovoy wrote:
On Fri, 28 Feb 2014, Nathaniel McCallum wrote:
On Fri, 2014-02-28 at 16:43 +0200, Alexander Bokovoy wrote:
On Fri, 28 Feb 2014, Nathaniel McCallum wrote:
>On Fri, 2014-02-28 at 10:47 +0100, Petr Vobor
On 02/07/2014 04:33 AM, Alexandre Santos wrote:
Hi Martin,
I´ve tried your example and i get this error:
curl -v \
-H "Content-Type:application/json" \
-H "Accept:applicaton/json"\
--negotiate -u : \
--delegation always \
--cacert /etc/ipa/ca.crt \
On 01/31/2014 05:03 AM, Martin Kosek wrote:
On 01/31/2014 10:45 AM, Francesco Chicchiriccò wrote:
On 30/01/2014 19:25, Dmitri Pal wrote:
On 01/30/2014 11:35 AM, Francesco Chicchiriccò wrote:
...
To call into IPA you can use "ipa ..." command line or use out API from
python client. Since you a
Nicely done.
What is the relationship to this and the Code Robby wrote last summer?
I assume it was the basis for this effort?
On 01/21/2014 05:19 PM, Nathaniel McCallum wrote:
kdcproxy contains a WSGI module for proxying KDC requests over HTTP by
following the MS-KKDCP protocol. It aims to
And...that was pretty much as far as I got.
with the updated repo + updates from the ppa the build succeeds but
tests fail, and those are harder for me to parse. Full build log at
http://pastebin.com/G40VMENn
Your first error is:
Failure: ImportError (No module named samba) ... ERROR
follo
strip the code out and
rewrite it from scratch.
Can someone check through git history and determine where the code comes
from and how the "only" label got onto it ?
There were Red Hat¹ contributors only so far:
$ for file in
install/ui/{src/freeipa/aci.js,test/aci_tests.js,test/wid
I'm about to take off for a week, and want to make sure that I don't
lose the momentum I've put in so far. I spent agood portion of
yesterday and today trying to get a Debian build going, and I think that
this is worth sharing with the larger team. Since FreeIPA has been RPM
focused thus far,
On 10/01/2013 04:45 AM, Petr Spacek wrote:
On 23.9.2013 19:06, Dmitri Pal wrote:
On 09/23/2013 10:25 AM, Petr Spacek wrote:
On 20.9.2013 19:29, Dmitri Pal wrote:
5) Met with James (the blogger) and the community guy who created
puppet
scripts for IPA. He was trying to convince me that we need
As a possible approach to getting things started, would it be possible
to use Alien and a JEOS install to get the FreeIPA server running on a
Debian system, and then work on converting over the dependencies one at
a time?
It seems like there are likely to be a series of Debian vs Fedora
issu
Keystone needs signing certificates for Signing PKI tokens.
In addition, CERN has a developed an approach that allows user to
authenticate to Keystone via X509 for batch jobs. This requires Client
Certs.
Both of these use cases are easily supported by Dogtag, but not exposed
via FreeIPA ye
also wrote there short
reviews of various JavaScript frameworks.
https://etherpad.openstack.org/webui-idm
On 11/01/2012 03:01 PM, Adam Young wrote:
On 11/01/2012 09:25 AM, Petr Vobornik wrote:
On 10/31/2012 11:13 PM, Dmitri Pal wrote:
On 10/30/2012 01:20 PM, Petr Vobornik wrote:
On 10/30
On 11/01/2012 09:25 AM, Petr Vobornik wrote:
On 10/31/2012 11:13 PM, Dmitri Pal wrote:
On 10/30/2012 01:20 PM, Petr Vobornik wrote:
On 10/30/2012 06:48 AM, Endi Sukma Dewata wrote:
On 10/29/2012 4:27 AM, Petr Vobornik wrote:
Hi,
I would like to make a bigger change in Web UI. Basically I thi
I got so frustrated with kerberos options for Python I started writing
a new MIT Kerberos Python binding in my spare time. It's pythonic,
meaning it supports all the basic python operations you expect such as
genuine classes that encapsulate a genuine Kerberos object,
properties, iteration, i
On 01/17/2012 10:36 AM, Endi Sukma Dewata wrote:
On 1/16/2012 8:02 AM, Petr Vobornik wrote:
1) Button position:
I added the button into facet header next to 'add', 'delete', 'reset',
'update' buttons as shown on the picture (
http://pvoborni.fedorapeople.org/images/2051-refresh-button.png ). I'm
On 01/13/2012 11:09 AM, Petr Vobornik wrote:
I have created a helper tool (script) for updating
install/ui/test/data/*.json files which are used for offline
presentation of FreeIPA Web UI. So I'm sharing it as it might be
useful for others.
Main purpose:
* updating ipa_init*.json files (shoul
On 01/02/2012 11:41 AM, Jérôme Fenal wrote:
Hi all,
I'm glad to announce that the French translation for FreeIPA software
has been completed, as on Transifex, except for 21 strings related to
entitlement.py.
Given the recent developments, I'm not sure it is 100% up to date with
current code
On 12/21/2011 10:18 AM, Simo Sorce wrote:
On Wed, 2011-12-21 at 17:16 +0200, Alexander Bokovoy wrote:
On Wed, 21 Dec 2011, Petr Vobornik wrote:
On 12/20/2011 10:06 PM, Adam Young wrote:
Hold this patch until all of the S4U2 code is pushed, otherwise it will
break the WebUI
assuming it is
On 12/21/2011 02:07 PM, John Dennis wrote:
For your holiday reading pleasure :-) Happy holidays to all.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
To answer a couple questions are a
Hold this patch until all of the S4U2 code is pushed, otherwise it will
break the WebUI
>From 90a087720f939e61a1f4fdf99e4a100161e1c5c8 Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Tue, 20 Dec 2011 11:58:01 -0500
Subject: [PATCH] Remove delegation from browser config
---
install/sh
On 12/19/2011 03:52 PM, Simo Sorce wrote:
On Mon, 2011-12-19 at 11:49 -0500, Dmitri Pal wrote:
On 12/19/2011 11:11 AM, Ade Lee wrote:
Hi all,
Based on conversations with Adam, Simo and Rob, here are some thoughts
on $subject:
http://pki.fedoraproject.org/wiki/Merging_IPA_and_Dogtag_Databases
On 12/15/2011 07:09 PM, Dmitri Pal wrote:
On 12/15/2011 12:24 PM, Adam Young wrote:
When updating IPA, schema changes need to be applied to each of the
the tenant trees.
API
Each of the RPCs need to allow an optional parameter tenant. Members
of the original domain with an approapriate
The directory will no longer be world readable. Instead, ACIs will
limit the users ability to read only the subtree in which they are
enrolled. LDAP operations will require an authenticated bind.
When updating IPA, schema changes need to be applied to each of the
the tenant trees.
API
Ea
This is a first attempt to write up an approach for multitenancy in
IPA. Please provide feedback. I've attached the document as well, as
that should be easier to read.
Description
Multi-tenancy is an aspect of Identity Management (IdM) where multiple
parties use the same resource without l
On 12/05/2011 12:27 PM, Endi Sukma Dewata wrote:
On 12/5/2011 9:37 AM, Petr Vobornik wrote:
Created format method for getting translated messages for boolean values
- IPA.boolean_column_format.
Used in hosts, sudo rules, hbac rules.
https://fedorahosted.org/freeipa/ticket/2027
The patch work
case if anyone wants to talk to the PKI server
directly, and provide an exception for IPA to do the work it needs for
requesting certificates
On the Tomcat side, we would still do JNDI LDAP for getting the
Subjects,just using the principal forwarded from AJP.
On Tue, 2011-11-08 at 13
On 12/01/2011 10:02 AM, Petr Vobornik wrote:
Attaching patch for unit tests.
Couple of widget tests still fail.
They raise couple questions:
1) Should widget expect that array of values like ['value'] will be
always passed to update(values) method or the update method should
also work with s
On 11/29/2011 08:57 PM, Ryan Thomson wrote:
Hi Endi,
Thanks for reviewing the patch. Looks like I have some work to do.
1-2) I have to admit I didn't even try building with these patches. I
was pretty sure install/Makefile.am would need modification to install
it but I didn't know if submitti
So the crazy systemd folks are at it again:
https://docs.google.com/document/pub?id=1IC9yOXj7j6cdLLxWEBAGRL6wl97tFxgjLUEHIX3MSTs&pli=1
This is a re implementation of logging much the way the systmd was a
reimplementation of init.
Assume that it is going to get implemented, does this give u
On 11/14/2011 04:35 PM, Endi Sukma Dewata wrote:
On 11/14/2011 10:37 AM, Endi Sukma Dewata wrote:
The develop.js is no longer necessary because the code in it has
been merged into the main code.
An empty extension.js has been added to provide a place for UI
customization.
Ticket #2099
Replac
On 11/14/2011 11:27 AM, Endi Sukma Dewata wrote:
The permission target section has been modified to use widgets
to create the target selection and handle multiple fields.
Ticket #2098
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://w
On 11/10/2011 04:23 PM, Endi Sukma Dewata wrote:
On 11/10/2011 2:00 PM, Kyle Baker wrote:
Attached a mockup which shows each tab in a color set. This offers a
quick visual reference as to the tab groupings.
The colored tab looks good. What are the color settings? Suppose we
have more than 3 t
I like.
On 11/10/2011 03:00 PM, Kyle Baker wrote:
Attached a mockup which shows each tab in a color set. This offers a quick
visual reference as to the tab groupings. Also I have shown settings to the
right as this is inconsistent amongst the different sections of the tool.
Setting should be
One issue I have been looking at recently is how to integrate PKI and
IPA at the auth level while keeping a clean separation.
We can extract the authentication from the servlet code, so it is
purely a matter of configuring the Tomcat instance Realm.
I wrote up a Proof of concept for just d
On 11/08/2011 08:43 AM, Rob Crittenden wrote:
Stephen Gallagher wrote:
On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
I noticed that the PKI Directory server has a secure port set but the
IPA DS instance does not:
PKI
nsslapd-secureport: 7390
Why doesn IPA set up ldapson port 636
I noticed that the PKI Directory server has a secure port set but the
IPA DS instance does not:
PKI
nsslapd-secureport: 7390
Why doesn IPA set up ldapson port 636?
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/ma
On 11/04/2011 12:10 PM, Petr Vobornik wrote:
On 11/04/2011 04:37 AM, Endi Sukma Dewata wrote:
The entity definitions have been converted into classes. The entity
init() method will use the builder to construct the facets and dialogs.
The UI can be customized by creating a subclass of the origina
On 11/03/2011 11:30 AM, Andrew Wnuk wrote:
On 11/02/2011 03:19 PM, Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 2011-11-02 at 16:44 -0400, Ade Lee wrote:
On Wed, 2011-11-02 at 16:03 -0400, Adam Young wrote:
[...]
So, a user becomes an agent on the ca by having a certificate in the
user
On 11/03/2011 11:00 AM, Ade Lee wrote:
On Thu, 2011-11-03 at 09:20 -0400, Adam Young wrote:
On 11/03/2011 12:56 AM, Simo Sorce wrote:
On Wed, 2011-11-02 at 20:25 -0400, Adam Young wrote:
On 11/02/2011 06:19 PM, Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 2011-11-02 at 16:44 -0400, Ade
On 11/03/2011 12:56 AM, Simo Sorce wrote:
On Wed, 2011-11-02 at 20:25 -0400, Adam Young wrote:
On 11/02/2011 06:19 PM, Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 2011-11-02 at 16:44 -0400, Ade Lee wrote:
On Wed, 2011-11-02 at 16:03 -0400, Adam Young wrote:
[...]
So, a user becomes an
On 11/02/2011 06:19 PM, Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 2011-11-02 at 16:44 -0400, Ade Lee wrote:
On Wed, 2011-11-02 at 16:03 -0400, Adam Young wrote:
[...]
So, a user becomes an agent on the ca by having a certificate in the
user record and being a member of the relevant
To clarify: there are two types of Data stored in the PKI CA DS
instances. One is Users and groups (IdM), and the other is
certificates and requests.
The CA currently administers its own users: creates, add deletes, add
privs and so forth. If we extract the IdM objects from the CA
cont
This sounds pretty good. I think it is the right approach.
On 11/01/2011 09:11 PM, Endi Sukma Dewata wrote:
>>> So I decided to try to get an IP Address widget working. See the
>>> attached patch. It was fairly trivial.
>>>
>>> However, this widget is not really all that useful by itself. It
From e5ba2e46e50cac4f1fe7f86ad7dcee42518f985c Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Tue, 1 Nov 2011 12:51:05 -0400
Subject: [PATCH] Add priority to pwpolicy list
First step to solving
https://fedorahosted.org/freeipa/ticket/1977
---
install/ui/policy.js |2 +-
1 files changed
On 11/01/2011 12:12 PM, Adam Young wrote:
We had a brief discussion on unifying the PKI and IPA Directory Server
instances. Here are my notes from it. Please fill out the details
and correct me if I've mis-stated anything below.
Issues:
1.
Both make changes to Config
We had a brief discussion on unifying the PKI and IPA Directory Server
instances. Here are my notes from it. Please fill out the details and
correct me if I've mis-stated anything below.
Issues:
1.
Both make changes to Config. One identified conflict is he
configuration of the Unique
On 10/27/2011 08:40 PM, Endi Sukma Dewata wrote:
On 10/27/2011 10:59 AM, Adam Young wrote:
The web UI can implement a similar mechanism. We do not want end sites
modifying the .js files shipped with the IPA server RPM, other wise,
they could inject columns and fields there, but they would be
On 10/27/2011 08:55 PM, Endi Sukma Dewata wrote:
On 10/27/2011 6:39 PM, Adam Young wrote:
We might need to distinguish 2 different usages of 'entity'. The first
one represents a collection of entries:
Call that an instance. Entity is the term that is the analogue of Class
On 10/27/2011 05:51 PM, Endi Sukma Dewata wrote:
On 10/27/2011 8:39 AM, Petr Vobornik wrote:
But still I think it would be better to be able to get container
(facet/dialog) for a widget. As you wrote, that.entity.get_facet() may
not always be what we want.
One possibility is to convert the fac
We had a pretty good discussion about the apporach we are looking at to
allow end sites to extend their IPA implementations without getting in
the way of upgrades etc. Here are some of the things I took away from
that meeting.
We want to maintain the namespace as it is. A site might decide
On 10/25/2011 05:24 PM, John Dennis wrote:
Usually when I look at a source code directory layout it's fairly
obvious what belongs in each directory. I'll be honest, I've never
quite understood the role of ipapython vs. ipalib. From time to time I
have to do some code refactoring, especially in
When setting up replication, it should not be necessary to cache any
passwords, anywhere, until the replication agreemsnts are set up, and
then, all caching should be using known secure mechanisms.
The two main repositories we care about are the Directory Server
instances managed by IPA and
When setting up replication, it should not be necessary to cache any
passwords, anywhere, until the replication agreemsnts are set up, and
then, all caching should be using known secure mechanisms.
The two main repositories we care about are the Directory Server
instances managed by IPA and th
On 10/21/2011 04:12 PM, Adam Young wrote:
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
This is the better approach. If ACKing, please specify 290 or 291
From
From c91971b54b322b1fcc0b8d269b09dc185addfc81 Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Fri, 21 Oct 2011 16:11:23 -0400
Subject: [PATCH] show enrollment time for host
---
install/ui/host.js |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/install/ui/host.js b
On 10/19/2011 08:15 AM, Martin Kosek wrote:
On Wed, 2011-09-07 at 15:18 +0200, Martin Kosek wrote:
On Wed, 2011-09-07 at 15:05 +0200, Martin Kosek wrote:
This is 3.0 Core Effort Backlog patch.
The changes to API may look scary, but it should be OK, I just added
validators and normalizers. I fo
Reposting to bring this discussion back to life. We started having it
on IRC.
On 09/28/2011 08:38 PM, Adam Young wrote:
So I decided to try to get an IP Address widget working. See the
attached patch. It was fairly trivial.
However, this widget is not really all that useful by itself. It
On 10/18/2011 02:25 PM, Endi Sukma Dewata wrote:
On 10/18/2011 10:52 AM, Petr Vobornik wrote:
> 3. Another goal is to replace entity names used in spec (see
> other_entity & nested_entity spec properties) with the actual entity
> objects. In this case it might be better to use the loops describe
On 10/14/2011 11:23 PM, John Dennis wrote:
I've been fixing a bug in the web UI when we retrieve a certificate.
The data that's displayed cannot be copied and used with any other
certificate (i.e. x509) software, openssl and NSS being prime
examples. The crux of the problem is it's not in a sta
On 10/14/2011 09:28 AM, John Dennis wrote:
[ I had a private email exchange with Rob concerning ticket 1201,
we've had a long standing issue with how certificates are exchanged
because in LDAP they are binary values. I told Rob I had a proof of
concept working and Rob sent me a code snippet ill
From 73af7db2fafb33dcdf0ad22b6837e961dc92271f Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Thu, 13 Oct 2011 14:48:55 -0400
Subject: [PATCH] rolegroup to role
Fixes the webui for the case wherea user is not admin but has a roile. In thatcase, the UI should show the full administrative
Each IPA user will have the ability to request a cryptographic
certificate. The primary usage for user certificates is for
authentication in cases where Kerberos is not an option: Across
firewalls and cases where cross domain trust has not been established.
There are a range of options for im
On 10/07/2011 02:42 PM, Rob Crittenden wrote:
Adam Young wrote:
On 10/06/2011 10:21 PM, Rob Crittenden wrote:
Adam Young wrote:
Not yet ready for prime time.
I've tested the changes to updateinstance by hand, so I know they
work.
I'm having problems with the python import setup.
On 10/07/2011 11:55 AM, Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/1933
based on ayoung-0286-split-metadata-call
Web UI init method was modified to get initialization data in 3 calls.
First call remains the same as before except that the json_metadata
command was removed.
J
On 10/06/2011 10:21 PM, Rob Crittenden wrote:
Adam Young wrote:
Not yet ready for prime time.
I've tested the changes to updateinstance by hand, so I know they work.
I'm having problems with the python import setup.
RPM build fails with:
install/tools/ipa-upgradeconfig:36: [F0401]
mment the import for http utils, I get an error at run
time as well. That confuses me, as I am able to import installutils at
runtime.
From 84c7617d408ff55e409ed93c88c59ec073959f54 Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Thu, 6 Oct 2011 20:37:57 -0400
Subject: [PATCH 287/288] Make ns
Even if ACKed, don't push this patch alone. It is part of some work
that Petr V is going to be doing as part of fixing
https://fedorahosted.org/freeipa/ticket/1933.
From b5b93109a9035557770f0959e21f4310bac5b7ba Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Thu, 6 Oct 2011 16:38:01
Upgrading from a system that had an earlier version of IPA to the
current is broken right now, due to the fact that the new code expects
to talk to the Certificate Authority (CA) via the proxy ports (80,
443), and the old code used non standard ports (above 8000).
IPA needs to make two chan
Upgrading from a system that had an earlier version of IPA to the
current is broken right now, due to the fact that the new code expects
to talk to the Certificate Authority (CA) via the proxy ports (80,
443), and the old code used non standard ports (above 8000).
IPA needs to make two chan
On 10/04/2011 12:43 PM, Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/1922
gidNumber is not an allowed attribute for a non-posix group. When
adding a non-posix group from the UI, unchecking the "Is this a POSIX
group?:" box should disable the "GID:" field.
_
On 10/04/2011 09:32 AM, Rob Crittenden wrote:
Adam Young wrote:
It is possible to generate a Certificate signing request from the
browser, if we use Mozilla specific code. I've mildly hacked the Mozilla
sample code to work with JQuery and to display the CSR to the screen,
instead of sendi
On 09/28/2011 06:50 PM, Endi Sukma Dewata wrote:
A new IPA.dialog_button class has been added to encapsulate the
buttons in the dialog box so they can be managed more easily.
The adder dialog has been modified to disable the enroll button if
there is no entries selected.
Ticket #1856
___
On 09/28/2011 11:46 AM, Ade Lee wrote:
Cross posting to pki-devel.
___
Pki-devel mailing list
pki-de...@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
Additional change:
diff /etc/httpd/conf.d/nss.conf.orig /etc/httpd/conf.d/nss.conf
On 09/27/2011 11:12 PM, Endi Sukma Dewata wrote:
The UI background has been replaced with new images from UXD.
Ticket #1842
Demo: http://edewata.fedorapeople.org/freeipa/install/ui/index.html
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 09/26/2011 08:54 AM, Rob Crittenden wrote:
Simo Sorce wrote:
On Mon, 2011-09-26 at 11:22 +0200, Martin Kosek wrote:
On Mon, 2011-09-26 at 08:31 +0200, Martin Kosek wrote:
On Sun, 2011-09-25 at 23:05 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Fri, 2011-09-23 at 14:12 -0400, Rob Cr
On 09/23/2011 11:52 AM, Rob Crittenden wrote:
Adam Young wrote:
On 09/23/2011 02:02 AM, Martin Kosek wrote:
On Thu, 2011-09-22 at 22:05 -0400, Adam Young wrote:
On 09/22/2011 08:31 PM, Endi Sukma Dewata wrote:
OPEN QUESTION: should we implement these new commands also for
discrete
DNS
On 09/23/2011 02:02 AM, Martin Kosek wrote:
On Thu, 2011-09-22 at 22:05 -0400, Adam Young wrote:
On 09/22/2011 08:31 PM, Endi Sukma Dewata wrote:
OPEN QUESTION: should we implement these new commands also for discrete
DNS records types to be consistent? I mean for example A, , CNAME,
PTR
On 09/23/2011 02:02 AM, Martin Kosek wrote:
On Thu, 2011-09-22 at 22:05 -0400, Adam Young wrote:
On 09/22/2011 08:31 PM, Endi Sukma Dewata wrote:
OPEN QUESTION: should we implement these new commands also for discrete
DNS records types to be consistent? I mean for example A, , CNAME,
PTR
On 09/22/2011 08:31 PM, Endi Sukma Dewata wrote:
On 9/22/2011 7:24 AM, Martin Kosek wrote:
2) Some DNS records may be pretty large. MX record data is small, but
for example CERT records have an entire certificate stored in it.
Wouldn't there be a problem if we place the large DNS record in URL?
Can we use augeas for this?
Augeas lenses use this kind of the validation and there is python
binding so may be we should use augeas as an inspiration or ask for an
augeas Javascript solution?
We might be able to learn something from Augeas, but the current Param
aspect of the Python architec
On 09/20/2011 11:11 AM, Martin Kosek wrote:
On Tue, 2011-09-20 at 10:02 -0400, Adam Young wrote:
This discussion got me thinking, always a dangerous proposal:
We are currently exposing record add with the lie that when you add a
record, it has a type. THe reality is that a record is just
This discussion got me thinking, always a dangerous proposal:
We are currently exposing record add with the lie that when you add a
record, it has a type. THe reality is that a record is just this big
collection of multi value attributes, and each of those is the "type"
of the record.
On 09/16/2011 08:58 AM, John Dennis wrote:
Thanks Adam!
FWIW I was kinda hoping for new development we would start using
Python and have as a general goal of migrating Perl code to Python as
opportunities arose.
Python is the company preferred scripting language. Once upon a time I
was a Pe
OK, here's something closer to releasable and written in Perl. This
script will upgrade the proxy ports to 9444 by default, or allow you to
override by setting the first parameter.
enable_proxy_dogtag.pl
Description: Perl program
___
Freeipa-devel
On 09/14/2011 12:18 PM, Martin Kosek wrote:
Attached in the txt file. If you have any comments or suggestions to
this proposal, please let me know.
https://fedorahosted.org/freeipa/ticket/1766
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
h
On 09/13/2011 09:08 AM, Petr Vobornik wrote:
https://fedorahosted.org/freeipa/ticket/1787
In 'IPA Server/RBAC/Permission/Settings/Rights' is missing a option
for setting 'read' permission which is supported in CLI.
___
Freeipa-devel mailing list
F
To convert an older build where the PKI system wasn't proxied:
awk '{print $0} /Define an AJP 1.3 Connector on port/ {print
"/>}" }' /etc/pki-ca/server.xml > server.xml.new ; mv server.xml.new
/etc/pki-ca/server.xml
sed -e "s/\[PKI_MACHINE_NAME\]/$HOSTNAME/g" -e
"s/\[PKI_AJP_PORT\]/9444/
On 09/02/2011 12:46 PM, Andrew Wnuk wrote:
On 09/02/2011 06:05 AM, Rob Crittenden wrote:
The rhev-m team is trying to integrate IPA into their installs. They
currently use SSL as well and we're battling over the Apache
certificate (there can be only one).
One option that came up is if they in
1 - 100 of 1467 matches
Mail list logo