houldn't be building rpms themselves either, they
should consume nightly/snapshot builds produced by engineering,
either automatically or manually.
Could we add some high level goals for the refactoring effort, and
add a goal of having repoclosure'd yum repo for master and interesting
branc
On Wed, Sep 21, 2016 at 12:01:44PM +0200, Jan Pazdziora wrote:
>
> I've recently hit again the situation of IPA installer not happy
> about the provided IP address not being local to it, this time in
> containerized environment:
>
> https://bugzilla.redhat.com/
False requirement in the installer come
from and what would break if it was removed altogether?
Thanks,
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/lis
would prefer a scheme where they could be
> combined though for maximum flexibility with as little as possible
> ambiguity.
I agree that managing separate host group membership might be
and extra work. But it seems to be the only way to remove the ambiguity.
--
Jan Pazdziora
Senior Principal So
nderstand this difference, they may be
> surprised to find out there are clients that do not honor it.
I prefer the first option. We shouldn't introduce new feature and make
its behaviour ambiguous from the very start.
If the access is denied for old clients when the time-based mechanism
is u
On Mon, Aug 08, 2016 at 12:52:33PM +0200, Martin Kosek wrote:
>
> I discussed this with Jan Pazdziora on IRC, outside of this mail thread, so
> let
> me repeat my suggestion here. I still think it is premature to add plugins
> like
> that to FreeIPA core git. We are not agre
-- obtaining the delegated certificated fails.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
stigation for FreeIPA and is working on some
polished instructions for the FreeIPA WebUI.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-dev
ive to merge
The reason I was given when discussing it with a GitHub person was
that it's a performance issue. They are worried that people would use
it for multi-hundred-commit branches and the WebUI would not be able
to provide the same fast response as for single diff/commit.
--
Jan Pazd
plicit about the diffs, plus git tools for
introspecting history often choke on parallel branches that get
merged.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/li
ted as
> logical OR.
>
> E.g.
>
> schemes: {http, https, ftp, ftps}
> URI: /home/pspacek
> host: any
> allow: pspacek
> should grant user pspacek access to directory /home/pspacek on any host as
> long as the scheme is http/https/ftp/ftps.
So you propose cartesian pro
the IP address of the IPA server itself can change with new start,
so the fact that SSSD couldn't talk to IPA was actually correct --
at that time, my client it was trying to talk to the IPA server on IP
address that was no longer valid.
--
Jan Pazdziora
Senior Principal Software Engineer,
isn't protocol
(scheme) there, there isn't service host name there, and there isn't
port there.
Can you please show (here or in the design page) how you envision
the situation
https://www.redhat.com/archives/freeipa-devel/2016-March/msg00462.html
would be modeled?
--
Jan Pazdzi
able unauthenticated access
centrally (in IPA)?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.
> user except users starting with "admin_", which is a problem if there is
How do you proposed to do that? You'd have to have a user group.
> unknown or infinite or large number of those users. Regular expressions
> seem to be more powerful.
More powerful: certainly. But you
mplication of exclude /
deny / longest record not found.
I don't like manual excludes either.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/
define some general rule the site accessible by all with the
> exceptions defined in "exclude" access rules and then build the rules specific
> to these excluded parts of the application URL tree.
Right, and we also need to give admin a very easy way to define those
excludes i
enticated sections, with more restricted access to subsections
underneath. How do you envision configuration to look like, and how
will the (missing) user identity be handled in that case?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Ma
proposed
against mod_authnz_pam.
If that turns out not to be a viable option, using SSSD's D-Bus
interface might the way to go, in which case it would likely be new
module, something like mod_authz_sssd.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red
On Thu, Mar 24, 2016 at 12:38:37PM +0100, Martin Kosek wrote:
> On 03/24/2016 10:24 AM, Jan Pazdziora wrote:
> > On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
> ...
> > You present two solutions to the problem -- deny rules, and regular
> > expressi
for easy maintenance and presentation.
My preference would be not to do the methods at this time but have
the data structured in such a way that it's easy to extend later.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription
should be a checkbox for the
user to explicitly enable case-insensitivity.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Cont
http(s)://www.example.com/auth/admin/ HBAC rule name 3
User group: network-admins
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman
not something
built into the mechanism.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
ve similar functionality to what you propose with the
regular expression approach, except the computers will do the work
of keeping things in sync, not users.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-d
On Wed, Mar 09, 2016 at 06:17:58PM +0100, Petr Vobornik wrote:
>
> pvoborni/freeipa-4-3 was never official it was used for 4-3 pre-release
> testing. mkosek/freeipa-4.3 is (and other in mkosek namespace). But they are
Ah, mean culpa, I've mixed those two.
Sorry for the noise.
--
nstead to separate location could increase visibility
and decrease confusion.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribu
rg/coprs/g/freeipa/freeipa-4-2-rc/
> [2] https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-3-rc/
Unfortunately, it seems the existing 4.3.0 repo at
https://copr.fedorainfracloud.org/coprs/pvoborni/freeipa-4-3/
now contains only mod_auth_gssapi, at least for Fedora 23
lity of the 2.0 value in particular -- not
sure who and where checks that value.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
One-liner.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
>From 612495129cb84fca972c0331adc591ea59dafd21 Mon Sep 17 00:00:00 2001
From: Jan Pazdziora
Date: Tue, 13 Oct 2015 13:07:24 +0200
Subject: [PATCH] The delegation uris are not set, ma
ts, we've cleverly worked around them.
Either that workaround step is needed and needs to be documented, or
that step should not be needed and there should be a ticket describing
the issue.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Mana
d in the test body to
achieve deterministic situation in which running that final check
makes sense.
I can imagine that simple
# workaround 5348
time.sleep(20)
and then some script which would find all these comments and compare
them to resolved tickets might be enough.
--
J
27;s not, so (IIUIC) you will keep having
nondeterministic failures in master.
I was mostly interested in the general approach that we have to
workarounds -- how do we track them, how do we make sure they don't
stick in tests forever, even after the issue was already properly
addressed.
--
Ja
ounds and
reverting them, so that the tests test the real, expected behaviour?
Also, instead of blind sleeps, wouldn't it be better to have some
polling for status of the services we are waiting for?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red H
failed to create that log file.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/C
rror] [pid 1394] [client
192.168.100.229:49031] AH00898: Error reading from remote server returned by
/ipa/keys/ra/ipaCert
[Tue Oct 06 13:24:31.017069 2015] [wsgi:error] [pid 10789] ipa: INFO:
[jsonserver_kerb] ad...@example.test: ping(): SUCCESS
--
Jan Pazdziora
Senior Principal Software Enginee
sts.)
I believe you also need to have the PTR sync enabled in the forward zone
(pesen.net).
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/fr
gt; >I think so, yes.
>
> Turns out it is already there.
Oleg, were you able to build from the branch now?
Simo, could you maybe make a copr repo from your branch?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscri
t; close to the bottom.
Simo,
could you please add the
How To Test
steps to http://www.freeipa.org/page/V4/Replica_Promotion?
It would make the functional check of this patchset easier, spelling
out how the workflow is supposed to work.
Thank you,
--
Jan Pazdziora
Senior Principal So
one? We don't seem to
suffer from the lack of tickets.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
nd it would then not be clear what
> version it is fixed in.
Moving all resolved "FreeIPA 4.2.x backlog" to the correct milestone
at the point that release is released and/or branched might be
reasonable approximation.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Manage
us major).
Is that expected?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
t
policy change?
I ask because if it's about labelling of files installed by rpm, the
(pre) might not help because rpm did not reload the file contexts
mid-transaction
https://bugzilla.redhat.com/show_bug.cgi?id=505066#c9
and I'm not sure things have changed since RHEL 5.
pa-server upgrading transaction, there could be
a selinux-policy downgrade operation, which would leave the newer
version for ipa-server's pre but install older version of
selinux-policy after it's done with ipa-server.
Yes, it's just a theoretical situation but we should not short
packages until
the end of the transaction.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
icket we are waiting for
(https://fedorahosted.org/sssd/ticket/2742 ?) should be added so
that it's clear that this step should be removed when the ticket
is addressed.
Otherwise, great effort with the How to Test section.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management
On Tue, Jul 28, 2015 at 03:56:47PM +0200, Jan Pazdziora wrote:
>
> INFO: Server startup in 5444 ms
> INFO: Server startup in 5936 ms
> INFO: Server startup in 5804 ms
Running netstat at the time when the tomcat should have restarted and
be ready shows
# /usr/bin/netstat -tln
Act
On Tue, Jul 28, 2015 at 03:25:50PM +0300, Alexander Bokovoy wrote:
> On Tue, 28 Jul 2015, Jan Pazdziora wrote:
> >
> >I do run it in container so it could be related, so I'm mostly looking
> >for blind hints about what might have changed in the installer or
> >in
at might have changed in the installer or
in dogtag itself in 4.2 that could cause this. For example, did we make
the timeout shorter?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
s
> well [1]. The question came up in our Monday meeting as well. Nobody seem to
> know if anyone was using these builds and why we weren't using COPR. The
The Fedora infra admins should be able to provide HTTP logs for the
repo, if you needs some numbers about potential usage.
--
On Tue, Jul 14, 2015 at 08:31:19AM +0200, Petr Spacek wrote:
> On 13.7.2015 19:37, Jan Pazdziora wrote:
> >
> > However -- what is the purpose of the DNS check when adding service?
>
> The service is typically a Kerberos service, which usually is not going to
> work if th
ldn't that check be removed altogether?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeip
ve DNS record for the
host but the current
ipa: ERROR: Host does not have corresponding DNS A record
is just bad user experience.
Do you propose to change that ERROR to warning, for example,
relaxing the requirement for the DNS records being present?
--
Jan Pazdziora
Senior Principal S
uires: mod_wsgi
> -Requires: mod_auth_kerb >= 5.4-16
> +Requires: mod_auth_gssapi
Do we assume we will no longer do an upstream 4.2 release on
Fedora 20? Otherwise this should be covered by some %ifs to use
mod_auth_kerb on Fedora 20.
--
Jan Pazdziora
Principal Software Engineer, Iden
On Fri, Mar 27, 2015 at 09:15:29AM +0100, Jan Pazdziora wrote:
> On Thu, Mar 26, 2015 at 06:14:34PM +0100, Petr Vobornik wrote:
> > The FreeIPA team would like to announce FreeIPA v4.1.4 security release!
> >
> > It can be downloaded from http://www.freeipa.org/page/Downloads
http://dl.fedoraproject.org/pub/fedora/linux/updates/testing/21/x86_64/f/
So we did not really provide the release on Fedora 21 to the
community.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mai
ng --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/
e with testing in all sorts of
scenarios before the bits hit stable Fedora.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIP
well? The
https://admin.fedoraproject.org/updates/freeipa-4.1.4-1.fc21
is in testing and it will be a while before it gets to Fedora proper,
copr repo would give us a stable (no fiddling with updates-testing
enablement) yum source.
--
Jan Pazdziora
Principal Software Engineer, Identity Managem
PA might no longer mean identity, policy, *and audit*,
so maybe that second line could be dropped altogether?
Also, it's FreeIPA with capital IPA -- shouldn't the letters on the
box be capitalized as well?
In any case, since Máirín authored the logo, she should be consulted
about th
bute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
might be enough.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Go to http:/
he one-way
ability when we have the two-way one.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Wed, Dec 03, 2014 at 05:16:23PM +0100, Martin Basti wrote:
> On 02/12/14 13:00, Jan Pazdziora wrote:
> >Hello,
> >
> >presumably explicitly specifying zone is not needed and can be
> >harmful.
> >
> This should be fixed in template for uploading SSHFP keys a
Hello,
Martin suggests dependency on subscription-manager is no longer needed.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
>From 4243c4016d5e9844e555f134ce091cf85c01fcb2 Mon Sep 17 00:00:00 2001
From: Jan Pazdziora
Date: Tue, 2 Dec 2014 17:33
Hello,
presumably explicitly specifying zone is not needed and can be
harmful.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
>From 934c5672cb0f73fc7d237cbf916707693dff9c39 Mon Sep 17 00:00:00 2001
From: Jan Pazdziora
Date: Tue, 2 Dec 2014 11:48
hains by people who know
how their part should build and install.
Currently when we see a huge dependency tree when installing
freeipa-server package, it might not be immediatelly obvious, what
is causing the possible bloat.
--
Jan Pazdziora
Principal Software Engineer, Identity Management
On Mon, Oct 20, 2014 at 03:58:27PM +0200, Petr Vobornik wrote:
>
> The plan is to release 4.1 and then 4.0.4. Besides usual tarballs, 4.1 will
> go into Fedora rawhide, f21-updates-testing and mkosek/freeipa copr repo (to
> be usable on F20).
And RHEL 7 / CentOS 7?
--
Jan Pazdzio
play.
Can't you just run the tests once per day, no matter what?
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
latest (with mkosek/freeipa copr)
> centos-7-4-0 (with potential future mkosek/freeipa-4-0 copr)
> centos-7-4-1 (with potential future mkosek/freeipa-4-1 copr)
>
> Makes sense?
Yes, thanks.
--
Jan Pazdziora
Principal Software Engine
even when 4.0.4 or 4.1.0 is out, the
4.0.3 content is still available?
I'd like to use these yum repos for Docker images and I wonder what
naming I should use for the branches and tags -- centos-7-upstream,
centos-7-4.0.3, or something else?
--
Jan Pazdziora
Principal Software Engineer, I
king wrapper ...
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
d as a result,
> can't use them to accomplish admin tasks.
Could we make this functionality part of the ipa-server-install script
itself? It could be useful outside of puppet as well?
Do you have any proposal how to go about ipa-client-install in puppet,
without having the password stored
id context:
> > unconfined_u:system_r:pki_ca_script_t:s0: Invalid argument"
> >
> > We've seen this before. Sometimes pki-selinux fails to load its policy
> > for some reason. The best thing to do is to force re-install
Did you try to use %posttrans instead of %post?
I found error message
Failed to data from service file: Failed to get list of services to
probe status:
in my logs while experimenting with something and it confused me
a bit, hence this patch.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
On Tue, Apr 01, 2014 at 10:05:39AM +0200, Tomas Babej wrote:
>
> > Yes, that was the intention. Mistake on my part, I'll send updated patches.
> >
>
> Updated patch attached.
Ack based on reading the code and documentation for
slapi_ch_free_string.
--
Jan Pazdziora
P
iron):
> -full_url = wsgiref.util.request_uri(environ)
> +full_url = request_uri(environ)
Sadly, this antipattern seems needed even if the proper solution would
be to fix wsgi to properly export util. Is there bug filed for that.
Ack based on reading the code and wsgiref documentation wh
hat makes sense, I don't see why freeipa-docs needs to share
the same list of committers.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redh
_base_rid;
};
-- no forest_root_id and no id_range_type.
So NACK for applying to master. Perhaps there is some dependency
patch?
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Wed, Mar 26, 2014 at 05:30:13PM -0600, Gabe Alford wrote:
> All,
>
> Please review this patch for https://fedorahosted.org/freeipa/ticket/4156
> Added links to documentation on configuring NetworkManager.
Thank you for the patch.
ACK.
--
Jan Pazdziora
Principal Software Engine
On Mon, Mar 24, 2014 at 02:57:30PM +0100, Martin Kosek wrote:
> On 03/24/2014 02:47 PM, Jan Pazdziora wrote:
> > On Mon, Mar 03, 2014 at 08:24:41PM +0100, Tomas Babej wrote:
> >> Hi,
> >>
> >> Makes ipa-client-install configure SSSD as the data provider
> &
Ack.
Applied against ipa-client-3.0.0-37.el6.x86_64, tried without
--no-sudo and sudo was added to sssd.conf's services list and sudoeers
added to /etc/nsswitch.conf.
Rerun with --uninstall and run again with the --no-sudo parameter,
those settings were not longer there.
--
Jan Pazdziora
P
On Tue, Mar 18, 2014 at 09:02:13AM +0100, Marco Di Sabatino Di Diodoro wrote:
>
> what are the requirements or packages that a client must have to call
> JSON/RPC with java? We have a 401 error.
What packages / code do you attempt to use when you get that 401?
--
Jan Pazdziora
ssioned call:
> https://fedorahosted.org/freeipa/ticket/4225
The patch does not seem to apply against master.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https:
ot;) is the last thing done
> in the error handler.
>
> I guess it would be good to add a comment saying this.
Thank you for the explanation.
In that case, ack on the patch, provided you add a nice comment. ;-)
--
Jan Pazdziora
Principal Software Engineer, Identity Management Eng
cept errors.NotFound:
> +pass
> +# Re-raise original exception
> +raise
> self.obj.postprocess_result(entry, options)
> return dn
I'm not totally happy about this patch.
What happens when the ACI is already in LDA
viour when the usage of the
new values cannot really be enfoced by the admin (without the daemon
restart).
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On Wed, Mar 05, 2014 at 12:33:01PM +0100, Tomas Babej wrote:
> Thanks Jan, both fixed.
Ack.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
ht
either "on its own"
or "of its own accord".
> If SSH keys are not present (e.g when running the ipa-client-install in
Is it correct that there are no backslashes in this occurence of
ipa-client-install?
> a kickstart, before ever running sshd), they will not be uploa
arly, string
> to unicode). Instead, any values that evaluate to False that are neither
> numeric nor boolean should be converted to None.
[...]
Ack, all original values pass the _is_null() test.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
On Thu, Feb 20, 2014 at 12:20:12PM +0100, Petr Viktorin wrote:
> On 02/19/2014 04:54 PM, Jan Pazdziora wrote:
> >
> >However: since this is about restoring a backup, can't the backup
> >contain the extended attributes, so that the SELinux context gets
> >restored to
n't the backup
contain the extended attributes, so that the SELinux context gets
restored to the original state (which could be different from what
the restorecon will give you)?
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
. And maybe in the past it even killed something?
The examples in
https://fedoraproject.org/wiki/Packaging:ScriptletSnippets
all have the redirect but no explanation why.
Maybe poking relevant Fedora people could yield some definitive
answer?
--
Jan Pazdziora
Principal Software Engine
paid plans.
this is primarily about OpenShift Online -- the hosted operation.
For Origin and Enterprise, the installers will typically install and
configure bind, so for the on-site scenarios the solution is already
there. And of course, you can use FreeIPA/IdM as well.
--
Jan Pazdziora
Principa
plain installing Origin:
https://bugzilla.redhat.com/show_bug.cgi?id=1027089
But if you were able to overcome those issues, nsupdate with GSS-TSIG
should just work.
Just for the note, with OpenShift Enterprise 1.2.x the feature is
there and working.
--
Jan Pazdziora
Principal Software En
can immediatelly start the rollback. The declarative installer
will continue marching towards the goal you gave it, possibly
increasing the number of (wrong) changes which will need to be
restored.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
h more important than leaving mess around with the intent of fixing
it upon the next run. Leaving things in consistent state is higher
value than idempotence.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa
ternal names.
Isn't it quite the oposite in cloud? The individual machines are
disposable often and all that matters is that there is a machine which
is able to provide a service, on some well-known stable public host
name. Which physical VM serves that service can change rapidly. A one
VM pr
On Tue, Sep 10, 2013 at 11:10:25AM -0400, Dmitri Pal wrote:
> >
> > Regarding SNI, it apparently is not supported in server-side NSS
> > (https://bugzilla.mozilla.org/show_bug.cgi?id=360421)
> > We need to either push for a solution to this or allow to switch to
> &g
viewing things on
the WebUI without modifying anything, you won't need the token at all.
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@
or stored to an element in the DOM? You don't really
need to use cookies for that.
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
1 - 100 of 116 matches
Mail list logo
