Re: [Freeipa-devel] Moving our wiki back to password login

2017-05-11 Thread Martin Kosek
On 05/09/2017 04:29 PM, Martin Kosek wrote: > Hello all, > > As some of you noticed, FreeIPA wiki authentication via OpenID was > broken in the last days. I suspect (but did get reply from Patrick who > running the Fedora infra yet) that it was caused by Fedora moving t

[Freeipa-devel] Moving our wiki back to password login

2017-05-09 Thread Martin Kosek
reset it before logging in and you should get an email (the mail part did not work for martbab this afternoon, though). In the worst case, I can reset the password for you, just shoot me an email. Thanks! -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat, Inc

Re: [Freeipa-devel] KDC proxy URI records

2017-04-28 Thread Martin Kosek
On 04/27/2017 04:16 PM, Simo Sorce wrote: > On Thu, 2017-04-27 at 15:56 +0200, Petr Vobornik wrote: >> On 04/27/2017 02:19 PM, Christian Heimes wrote: >>> On 2017-04-27 14:00, Martin Bašti wrote: I would like to discuss consequences of adding kdc URI records: 1. basically all ipa cli

[Freeipa-devel] Release: script for updating contributors

2017-02-23 Thread Martin Kosek
a.org/page/Release#Update_Contributors.txt HTH! -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat, Inc. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeip

Re: [Freeipa-devel] FreeIPA and wildcard certificates

2017-02-22 Thread Martin Kosek
On 02/20/2017 06:03 AM, Fraser Tweedale wrote: > On Fri, Feb 10, 2017 at 11:48:39AM +0100, Martin Kosek wrote: >> On 02/10/2017 10:37 AM, Fraser Tweedale wrote: >>> On Fri, Feb 10, 2017 at 09:23:10AM +0100, Martin Kosek wrote: >>>> On 02/09/2017 10:44 PM, Fraser Twe

Re: [Freeipa-devel] FreeIPA and wildcard certificates

2017-02-10 Thread Martin Kosek
On 02/10/2017 10:37 AM, Fraser Tweedale wrote: > On Fri, Feb 10, 2017 at 09:23:10AM +0100, Martin Kosek wrote: >> On 02/09/2017 10:44 PM, Fraser Tweedale wrote: >>> On Thu, Feb 09, 2017 at 08:37:23AM +0100, Martin Kosek wrote: >>>> On 02/09/2017 02:12 AM, Fraser Twe

Re: [Freeipa-devel] FreeIPA and wildcard certificates

2017-02-10 Thread Martin Kosek
On 02/09/2017 10:44 PM, Fraser Tweedale wrote: > On Thu, Feb 09, 2017 at 08:37:23AM +0100, Martin Kosek wrote: >> On 02/09/2017 02:12 AM, Fraser Tweedale wrote: >>> On Wed, Feb 08, 2017 at 10:19:54AM +0200, Alexander Bokovoy wrote: >>>> On ke, 08 helmi 2017, Martin Ko

Re: [Freeipa-devel] FreeIPA and wildcard certificates

2017-02-08 Thread Martin Kosek
On 02/09/2017 02:12 AM, Fraser Tweedale wrote: > On Wed, Feb 08, 2017 at 10:19:54AM +0200, Alexander Bokovoy wrote: >> On ke, 08 helmi 2017, Martin Kosek wrote: >>> Hi Fraser and the list, >>> >>> I recently was in a conversation about integrating OpenShift wi

[Freeipa-devel] FreeIPA and wildcard certificates

2017-02-07 Thread Martin Kosek
/install_config/router/default_haproxy_router.html#using-wildcard-certificates [2] https://fedorahosted.org/freeipa/ticket/3475 -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat, Inc.

Re: [Freeipa-devel] FedoraHosted.org sunset

2016-09-30 Thread Martin Kosek
On 09/23/2016 09:54 AM, Jakub Hrozek wrote: > On Thu, Sep 22, 2016 at 06:09:43PM +0200, Petr Vobornik wrote: >> Hi all, >> >> As you know, FedoraHosted.org will be decommissioned. >> https://communityblog.fedoraproject.org/fedorahosted-sunset-2017-02-28/ >> >> We use Trac instance there. Let's dis

Re: [Freeipa-devel] FreeIPA wiki - fighting the spammers

2016-08-19 Thread Martin Kosek
On 08/19/2016 08:43 AM, Petr Spacek wrote: > On 18.8.2016 16:25, Martin Kosek wrote: >> Hello everyone, >> >> As some of you noticed, we had lately an increasing number of spam attacks >> against FreeIPA.org wiki. Even though we did not accept user registration >>

[Freeipa-devel] FreeIPA wiki - fighting the spammers

2016-08-18 Thread Martin Kosek
e or even better ideas what is the easiest way to fight spam on our precious wiki, please let me know. -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat, Inc.

Re: [Freeipa-devel] [PATCH 0004-0012] Automatic CSR generation

2016-08-16 Thread Martin Kosek
On 08/16/2016 08:12 PM, Alexander Bokovoy wrote: > On Tue, 16 Aug 2016, Ben Lipton wrote: >> On 08/10/2016 08:52 AM, Ben Lipton wrote: >>> The pull request at https://github.com/LiptonB/freeipa/pull/4/commits has >>> been brought up to date (with a force push), and also includes 3 more >>> patches,

Re: [Freeipa-devel] [PATCH] 0078-82: webui tests: tests for new certificate widget

2016-08-14 Thread Martin Kosek
On 07/29/2016 03:00 PM, Pavel Vomacka wrote: > > > On 07/28/2016 08:16 AM, Lenka Doudova wrote: >> >> >> >> On 07/20/2016 04:51 PM, Pavel Vomacka wrote: >>> Please review attached patches, which add tests for new certificate widget >>> in >>> WebUI. >>> >>> https://fedorahosted.org/freeipa/tick

Re: [Freeipa-devel] [PATCH] 0002 Added support for authentication with user certificate

2016-08-08 Thread Martin Kosek
On 08/08/2016 01:31 PM, Jan Pazdziora wrote: > On Mon, Aug 08, 2016 at 12:52:33PM +0200, Martin Kosek wrote: >> >> I discussed this with Jan Pazdziora on IRC, outside of this mail thread, so >> let >> me repeat my suggestion here. I still think it is premature to add

Re: [Freeipa-devel] [PATCH] 0002 Added support for authentication with user certificate

2016-08-08 Thread Martin Kosek
On 08/05/2016 02:57 PM, Tibor Dudlak wrote: > Hi, > > I have extended my previous patch for authentication with user > certificate/smartcard. This patch includes patches and plugin described here: > http://www.freeipa.org/page/V4/External_Authentication/Setup > Page also contains steps to config

Re: [Freeipa-devel] FreeIPA Sub-CA: certificate subject

2016-06-28 Thread Martin Kosek
On 06/28/2016 02:05 PM, Fraser Tweedale wrote: > On Tue, Jun 28, 2016 at 12:49:26PM +0200, Martin Kosek wrote: >> On 06/28/2016 12:49 PM, Jan Cholasta wrote: >>> On 28.6.2016 12:33, Martin Kosek wrote: >>>> On 06/28/2016 12:23 PM, Fraser Tweedale wrote: >>>

Re: [Freeipa-devel] FreeIPA Sub-CA: certificate subject

2016-06-28 Thread Martin Kosek
On 06/28/2016 12:49 PM, Jan Cholasta wrote: > On 28.6.2016 12:33, Martin Kosek wrote: >> On 06/28/2016 12:23 PM, Fraser Tweedale wrote: >>> On Tue, Jun 28, 2016 at 11:00:17AM +0200, Martin Kosek wrote: >>>> Hi Fraser, >>>> >>>> I was testing F

Re: [Freeipa-devel] FreeIPA Sub-CA: certificate subject

2016-06-28 Thread Martin Kosek
On 06/28/2016 12:23 PM, Fraser Tweedale wrote: > On Tue, Jun 28, 2016 at 11:00:17AM +0200, Martin Kosek wrote: >> Hi Fraser, >> >> I was testing FreeIPA Sub-CA feature and setup a Sub-CA: >> >> CN=Certificate Authority,O=VPN,O=DEMO1.FREEIPA.ORG >> >>

Re: [Freeipa-devel] [PATCH] 498 Update Contributors.txt

2016-06-23 Thread Martin Kosek
On 06/23/2016 07:39 PM, Lukas Slebodnik wrote: > On (23/06/16 15:22), Martin Kosek wrote: >> Update .mailmap to fix wrong commit author and re-generate >> the Developer contributor list. >> >> -- >> Martin Kosek >> Manager, Software Engineering - I

[Freeipa-devel] [PATCH] 498 Update Contributors.txt

2016-06-23 Thread Martin Kosek
Update .mailmap to fix wrong commit author and re-generate the Developer contributor list. -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat, Inc. From 4271bdb36d111b90da3daf3f4312ec40d7db590f Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 23 Jun 2016 15

Re: [Freeipa-devel] I plan to delete my FreeIPA COPR repos

2016-06-17 Thread Martin Kosek
On 05/13/2016 01:43 PM, Martin Kosek wrote: > Hi all, > > When we were starting building FreeIPA in the Fedora COPR service [1], the > service did not support the organizations as it can do now and we did the > official repos in my personal name space [2] as I was the common denomi

[Freeipa-devel] [PATCH] 497 Update Developers in Contributors.txt

2016-06-16 Thread Martin Kosek
Since we are close to 4.4 release, let's add the latest contributors. (master branch should be enough). -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat, Inc. From 2f3b4706fbdf4319a54ef679042cdf1b156787b5 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Th

Re: [Freeipa-devel] Using JSON for tlog config files

2016-06-15 Thread Martin Kosek
Removing the secondary list from this discussion. On 06/15/2016 01:29 PM, Nikolai Kondrashov wrote: > Hi Simo, > > On 06/15/2016 12:25 AM, Simo Sorce wrote: >> On Tue, 2016-06-14 at 16:40 +0300, Nikolai Kondrashov wrote: >>> Although this was mentioned several times before, I'd like to bring >>>

Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Martin Kosek
On 06/10/2016 10:01 AM, Martin Basti wrote: > > > On 09.06.2016 21:45, Alexander Bokovoy wrote: >> On Thu, 09 Jun 2016, Martin Basti wrote: >>> >>> >>> On 09.06.2016 17:56, Martin Babinsky wrote: On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: > On Mon, 06 Jun 2016, Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCH 0473-0476, 0478-0482]DNS Locations: Prologue

2016-06-05 Thread Martin Kosek
On 06/03/2016 12:51 PM, Martin Basti wrote: > > > On 03.06.2016 08:53, Petr Spacek wrote: >> On 2.6.2016 17:53, Martin Basti wrote: >>> Typo - redundant ' ' at the end. Conditional NACK, warnings mentioned in http://www.freeipa.org/page/V4/DNS_Locatio

Re: [Freeipa-devel] Questions on git

2016-05-25 Thread Martin Kosek
On 05/25/2016 11:55 AM, Christian Heimes wrote: > On 2016-05-25 11:46, Martin Kosek wrote: >> On 05/25/2016 10:03 AM, Jan Pazdziora wrote: >>> On Mon, May 23, 2016 at 04:24:38PM +0200, Florence Blanc-Renaud wrote: >>>> >>>> - I start working on a specific

Re: [Freeipa-devel] Questions on git

2016-05-25 Thread Martin Kosek
On 05/25/2016 10:03 AM, Jan Pazdziora wrote: > On Mon, May 23, 2016 at 04:24:38PM +0200, Florence Blanc-Renaud wrote: >> >> - I start working on a specific issue and decide to create a branch on my >> git repository (on my laptop) >> git clone git://git.fedorahosted.org/git/freeipa.git >> git branc

Re: [Freeipa-devel] [PATCH 0094] Migrate from #ifndef guards to #pragma once

2016-05-24 Thread Martin Kosek
On 05/24/2016 04:29 PM, Nathaniel McCallum wrote: > Using a pragma instead of guards is easier to write, less error prone > and avoids name clashes (a source of very subtle bugs). This pragma > is supported on almost all compilers, including all the compilers we > care about: https://en.wikipedia.o

[Freeipa-devel] FreeIPA.org mediawiki upgraded to 1.26.3

2016-05-23 Thread Martin Kosek
, please let me know. -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat, Inc.

Re: [Freeipa-devel] Reviving FreeIPA translations

2016-05-15 Thread Martin Kosek
On 05/15/2016 09:34 PM, Yuri Chornoivan wrote: > написане Sun, 15 May 2016 21:51:45 +0300, Martin Kosek : > >> On 05/14/2016 01:29 PM, Yuri Chornoivan wrote: >>> написане Sat, 14 May 2016 12:57:13 +0300, Jérôme Fenal : >>> >>>> 2016-05-13 13:32

Re: [Freeipa-devel] Reviving FreeIPA translations

2016-05-15 Thread Martin Kosek
On 05/14/2016 01:29 PM, Yuri Chornoivan wrote: > написане Sat, 14 May 2016 12:57:13 +0300, Jérôme Fenal : > >> 2016-05-13 13:32 GMT+02:00 Martin Kosek : >> >>> Hello, >>> >>> As you may or may not know, Tomas Babej left the FreeIPA team as a Red Hat &

[Freeipa-devel] I plan to delete my FreeIPA COPR repos

2016-05-13 Thread Martin Kosek
any blocker. So please holler if you depend on some of my repos. [1] https://copr.fedorainfracloud.org [2] https://copr.fedorainfracloud.org/coprs/mkosek/ [3] https://copr.fedorainfracloud.org/groups/g/freeipa/coprs/ -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat

[Freeipa-devel] Reviving FreeIPA translations

2016-05-13 Thread Martin Kosek
arly as in current FreeIPA git). -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat, Inc.

Re: [Freeipa-devel] Provisioning throughput

2016-05-13 Thread Martin Kosek
On 05/12/2016 04:16 PM, Ludwig Krispenz wrote: > > On 05/12/2016 03:45 PM, Ludwig Krispenz wrote: >> >> On 05/12/2016 02:16 PM, Petr Vobornik wrote: >>> On 05/10/2016 05:50 PM, thierry bordaz wrote: On 05/05/2016 03:44 PM, Petr Vobornik wrote: > On 05/04/2016 02:20 PM, thierry bordaz

Re: [Freeipa-devel] #5881 / bz1327092 ; fixing broken caIPAserviceCert profile

2016-05-12 Thread Martin Kosek
On 05/12/2016 12:56 AM, Fraser Tweedale wrote: > On Wed, May 11, 2016 at 04:36:34PM +0200, Jan Cholasta wrote: >> On 11.5.2016 15:04, Fraser Tweedale wrote: >>> On Wed, May 11, 2016 at 01:31:36PM +0200, Jan Cholasta wrote: ... 3) I would rather avoid adding new commands just to work around bug

Re: [Freeipa-devel] [DESIGN] Kerberos principal alias handling

2016-05-06 Thread Martin Kosek
On 04/18/2016 10:31 AM, Martin Kosek wrote: > On 04/08/2016 05:10 PM, Martin Babinsky wrote: >> Hi list, >> >> I have put together a draft [1] outlining the effort to reimplement the >> handling of Kerberos principals in both backend and frontend layers of >>

Re: [Freeipa-devel] [PATCH] pwpolicy: Do not expire passwords when maxlife is set to 0 (infinity).

2016-05-04 Thread Martin Kosek
On 05/02/2016 02:28 PM, David Kupka wrote: > https://fedorahosted.org/freeipa/ticket/2795 That patch looks suspiciously short given the struggles I saw in http://www.redhat.com/archives/freeipa-devel/2015-June/msg00198.html :-) Instead of setting to IPAPWD_END_OF_TIME, should we instead avoid fil

Re: [Freeipa-devel] [DESIGN] Kerberos principal alias handling

2016-04-18 Thread Martin Kosek
On 04/08/2016 05:10 PM, Martin Babinsky wrote: > Hi list, > > I have put together a draft [1] outlining the effort to reimplement the > handling of Kerberos principals in both backend and frontend layers of FreeIPA > so that we may have multiple aliases per user, host or service and thus > impleme

Re: [Freeipa-devel] URI in HBAC - design page

2016-03-24 Thread Martin Kosek
On 03/24/2016 01:24 PM, Jan Pazdziora wrote: > On Thu, Mar 24, 2016 at 12:38:37PM +0100, Martin Kosek wrote: >> On 03/24/2016 10:24 AM, Jan Pazdziora wrote: >>> On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote: >> ... >>> You present two solutions

Re: [Freeipa-devel] URI in HBAC - design page

2016-03-24 Thread Martin Kosek
On 03/24/2016 10:24 AM, Jan Pazdziora wrote: > On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote: ... > You present two solutions to the problem -- deny rules, and regular > expressions. For the record, HBAC deny rules is something we will want to avoid. Deny HBAC rules were remove

Re: [Freeipa-devel] URI in HBAC - design page

2016-03-24 Thread Martin Kosek
On 03/23/2016 04:41 PM, Lukáš Hellebrandt wrote: > I created a design page for the feature: > > http://www.freeipa.org/page/URI-based-HBAC-design Technicality update: - I changed the name and moved it to consistent location: http://www.freeipa.org/page/V4/URI-based_HBAC - I removed "version=0.1

Re: [Freeipa-devel] [DRAFT] FreeIPA 4.3.1 release notes

2016-03-23 Thread Martin Kosek
On 03/22/2016 06:35 PM, Petr Vobornik wrote: > Hello all, > > I prepared the release notes on FreeIPA.org wiki: > http://www.freeipa.org/page/Releases/4.3.1 > > Updates or improvements to release notes page welcome. Particularly if > you think some bug fixes/improvements deserves to be noted out

Re: [Freeipa-devel] [DESIGN] Server Roles

2016-03-21 Thread Martin Kosek
On 03/18/2016 03:43 PM, Martin Babinsky wrote: > On 03/18/2016 02:44 PM, Petr Vobornik wrote: >> On 03/18/2016 10:59 AM, Martin Kosek wrote: >>> On 03/18/2016 10:47 AM, Martin Babinsky wrote: >>>> On 03/18/2016 10:21 AM, Martin Kosek wrote: >>>>>

Re: [Freeipa-devel] [DESIGN] Server Roles

2016-03-21 Thread Martin Kosek
On 03/18/2016 03:58 PM, Simo Sorce wrote: > On Fri, 2016-03-18 at 15:28 +0100, Petr Vobornik wrote: >> On 03/18/2016 02:59 PM, Simo Sorce wrote: ... >> Use cases I see: >> 1. Administrator wants to know which servers are configured with >> CA|KRA|DNS. >> 2. Administrator wants to know which server

Re: [Freeipa-devel] [DESIGN] Server Roles

2016-03-19 Thread Martin Kosek
On 03/18/2016 10:47 AM, Martin Babinsky wrote: > On 03/18/2016 10:21 AM, Martin Kosek wrote: >> On 03/17/2016 06:16 PM, Martin Babinsky wrote: >>> Hi list, >>> >>> here is a link (http://www.freeipa.org/page/V4/Server_Roles) to WIP design >>> documen

Re: [Freeipa-devel] [DESIGN] Server Roles

2016-03-18 Thread Martin Kosek
On 03/17/2016 06:16 PM, Martin Babinsky wrote: > Hi list, > > here is a link (http://www.freeipa.org/page/V4/Server_Roles) to WIP design > document concerning the concept of Server Roles as a user-friendly abstraction > of the services running on IPA masters. > > The main aim of this feature is t

Re: [Freeipa-devel] [PATCH] 0050 caacl: correctly handle full user principal name

2016-03-14 Thread Martin Kosek
On 03/14/2016 06:18 AM, Alexander Bokovoy wrote: > On Mon, 14 Mar 2016, Fraser Tweedale wrote: >> The attached patch fixes >> https://fedorahosted.org/freeipa/ticket/5733. Thanks to Alexander >> for finding and reporting. >> >> Cheers, >> Fraser > >> From 9bd7b74d9c928f386bd7dae59588580881ed1a9d

Re: [Freeipa-devel] [PATCH 0434] log: add timestamp to filename of logs

2016-03-11 Thread Martin Kosek
On 03/11/2016 09:55 AM, Jan Cholasta wrote: > On 11.3.2016 09:33, Martin Kosek wrote: >> On 03/08/2016 07:07 PM, Martin Basti wrote: >>> >>> >>> On 08.03.2016 16:37, Martin Basti wrote: >>>> >>>> >>>> On 08.03.2016 16:31

Re: [Freeipa-devel] [PATCH 0434] log: add timestamp to filename of logs

2016-03-11 Thread Martin Kosek
On 03/08/2016 07:07 PM, Martin Basti wrote: > > > On 08.03.2016 16:37, Martin Basti wrote: >> >> >> On 08.03.2016 16:31, Martin Basti wrote: >>> https://fedorahosted.org/freeipa/ticket/4501 >>> >>> Patch attached. >>> >>> >> Rebased patch attached. >> >> > > self-NACK > > Scripts print to CLI u

Re: [Freeipa-devel] [PATCH 0067-0069] Various IPA log fixes

2016-03-10 Thread Martin Kosek
On 03/10/2016 03:44 PM, Rob Crittenden wrote: > Gabe Alford wrote: >> Hello, >> >> Attached patches fix the following tickets related to IPA log files: >> >> https://fedorahosted.org/freeipa/ticket/5724 >> https://fedorahosted.org/freeipa/ticket/5726 >> https://fedorahosted.org/freeipa/ticket/5727

Re: [Freeipa-devel] [PATCH 0137] spec: add conflict with bind-chroot to freeipa-server-dns

2016-03-07 Thread Martin Kosek
On 03/07/2016 03:17 PM, Petr Spacek wrote: > On 7.3.2016 13:27, Jan Cholasta wrote: >> Hi, >> >> On 7.3.2016 12:47, Martin Babinsky wrote: >>> https://fedorahosted.org/freeipa/ticket/5696 >> >> Shouldn't we rather fix IPA to work with bind running in chroot (which is >> AFAIK considered good securi

Re: [Freeipa-devel] French translation for FreeIPA

2016-03-07 Thread Martin Kosek
On 03/07/2016 12:57 PM, Lukas Slebodnik wrote: > On (07/03/16 12:20), Martin Kosek wrote: >> On 03/07/2016 11:48 AM, Jérôme Fenal wrote: >>> 2016-02-29 18:45 GMT+01:00 Jérôme Fenal : >>> >>>> Hi all, >>>> >>>> Just a quick no

Re: [Freeipa-devel] French translation for FreeIPA

2016-03-07 Thread Martin Kosek
On 03/07/2016 11:48 AM, Jérôme Fenal wrote: > 2016-02-29 18:45 GMT+01:00 Jérôme Fenal : > >> Hi all, >> >> Just a quick note to let you that I completed the translation of what >> was available to translate on Zanata. >> >> Can you please check it passes the QA, that the strings available on >>

Re: [Freeipa-devel] Feature template - proposed changes

2016-03-06 Thread Martin Kosek
On 03/04/2016 03:59 PM, Petr Spacek wrote: > On 4.3.2016 15:23, Martin Kosek wrote: >> On 03/04/2016 03:11 PM, Petr Spacek wrote: >>> Hello, >>> >>> I've updated Feature template to make sure that important the design >>> decisions >>>

Re: [Freeipa-devel] [WIP] Time-Based HBAC Policies

2016-03-04 Thread Martin Kosek
On 03/04/2016 03:39 PM, Stanislav Laznicka wrote: > Based on Alexander's suggestion I created a copr repo with latest > python-icalendar version. > > https://copr.fedorainfracloud.org/coprs/stlaz/python-icalendar/packages/ Thanks. When we get to end-to-end functionality (again), it should again

Re: [Freeipa-devel] Feature template - proposed changes

2016-03-04 Thread Martin Kosek
On 03/04/2016 03:11 PM, Petr Spacek wrote: > Hello, > > I've updated Feature template to make sure that important the design decisions > are recorded somewhere. > > Of course all this is open for discussion. I did this soon because I believe > that it is better to actually see how it looks like i

[Freeipa-devel] Proposing design template changes (Re: Feature template - proposed changes)

2016-03-04 Thread Martin Kosek
On 03/04/2016 03:11 PM, Petr Spacek wrote: > Hello, > > I've updated Feature template to make sure that important the design decisions > are recorded somewhere. > > Of course all this is open for discussion. I did this soon because I believe > that it is better to actually see how it looks like i

Re: [Freeipa-devel] Feature template - proposed changes

2016-03-04 Thread Martin Kosek
On 03/04/2016 03:11 PM, Petr Spacek wrote: > Hello, > > I've updated Feature template to make sure that important the design decisions > are recorded somewhere. > > Of course all this is open for discussion. I did this soon because I believe > that it is better to actually see how it looks like i

Re: [Freeipa-devel] Disabling Schema Compatibility rule

2016-03-04 Thread Martin Kosek
On 03/04/2016 02:30 PM, Alexander Bokovoy wrote: > On Fri, 04 Mar 2016, Martin Kosek wrote: >> On 03/04/2016 01:09 PM, Alexander Bokovoy wrote: >>> On Fri, 04 Mar 2016, Martin Kosek wrote: >>>> On 03/04/2016 12:59 PM, Alexander Bokovoy wrote: >>>>

Re: [Freeipa-devel] Disabling Schema Compatibility rule

2016-03-04 Thread Martin Kosek
On 03/04/2016 01:09 PM, Alexander Bokovoy wrote: > On Fri, 04 Mar 2016, Martin Kosek wrote: >> On 03/04/2016 12:59 PM, Alexander Bokovoy wrote: >>> On Fri, 04 Mar 2016, Martin Kosek wrote: >>>> On 03/04/2016 10:10 AM, Alexander Bokovoy wrote: >>>>

Re: [Freeipa-devel] Disabling Schema Compatibility rule

2016-03-04 Thread Martin Kosek
On 03/04/2016 12:59 PM, Alexander Bokovoy wrote: > On Fri, 04 Mar 2016, Martin Kosek wrote: >> On 03/04/2016 10:10 AM, Alexander Bokovoy wrote: >>> On Fri, 04 Mar 2016, Martin Kosek wrote: >>>> Hi Alexander and others, >>>> >>>> As you know

Re: [Freeipa-devel] Disabling Schema Compatibility rule

2016-03-04 Thread Martin Kosek
On 03/04/2016 10:10 AM, Alexander Bokovoy wrote: > On Fri, 04 Mar 2016, Martin Kosek wrote: >> Hi Alexander and others, >> >> As you know, SSSD 1.13.4 added support of reading the native SUDO tree [1]. >> This means that FreeIPA deployments with all clients being SSSD

[Freeipa-devel] Disabling Schema Compatibility rule

2016-03-04 Thread Martin Kosek
certain Schema Compatibility rules? Ideally having a config options something like: schema-compat-enabled: on|off That could be changed via ldapmodify. [1] https://fedorahosted.org/sssd/ticket/1108 -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat, Inc.

Re: [Freeipa-devel] [REVIEW] Intial stab towards Authentication Indicators

2016-03-01 Thread Martin Kosek
On 02/29/2016 11:35 PM, Nathaniel McCallum wrote: On Fri, 2016-02-26 at 09:00 +0100, Martin Kosek wrote: On 02/25/2016 10:51 PM, Simo Sorce wrote: On Thu, 2016-02-25 at 16:13 -0500, Nathaniel McCallum wrote: On Thu, 2016-02-25 at 12:19 -0500, Nathaniel McCallum wrote: On Thu, 2016-02-25

Re: [Freeipa-devel] [PATCH] 0001 Adding URL to HBAC rule

2016-02-28 Thread Martin Kosek
On 02/26/2016 04:38 PM, Lukáš Hellebrandt wrote: > On 02/26/2016 01:30 PM, Martin Kosek wrote: >> Greetings, welcome! >> >> On 02/26/2016 01:17 PM, Lukáš Hellebrandt wrote: >> ... >>> Btw, is there some better place to share patches than a pasting tool?

Re: [Freeipa-devel] URI in HBAC rules - patch - request for feedback

2016-02-26 Thread Martin Kosek
Greetings, welcome! On 02/26/2016 01:17 PM, Lukáš Hellebrandt wrote: ... > Btw, is there some better place to share patches than a pasting tool? > Maybe some form of pull request? There is :-) Please see advice here: http://www.freeipa.org/page/Contribute/Code#Submit_a_patch It has more informa

Re: [Freeipa-devel] [REVIEW] Intial stab towards Authentication Indicators

2016-02-26 Thread Martin Kosek
On 02/25/2016 10:51 PM, Simo Sorce wrote: > On Thu, 2016-02-25 at 16:13 -0500, Nathaniel McCallum wrote: >> On Thu, 2016-02-25 at 12:19 -0500, Nathaniel McCallum wrote: >>> On Thu, 2016-02-25 at 10:49 -0500, Simo Sorce wrote: On Thu, 2016-02-25 at 10:32 -0500, Nathaniel McCallum wrote: >>

Re: [Freeipa-devel] Locations design v2: LDAP schema & user interface

2016-02-24 Thread Martin Kosek
On 02/23/2016 06:59 PM, Petr Spacek wrote: > On 23.2.2016 18:14, Simo Sorce wrote: ... >> More seriously I think it is a great idea, but too premature to get all >> the way there now. We need to build schema and CLI that will allow us to >> get there without having to completely change interfaces i

Re: [Freeipa-devel] [PATCH 0011] Move freeipa certmonger helpers to libexecdir.

2016-02-23 Thread Martin Kosek
On 02/23/2016 09:47 AM, David Kupka wrote: > On 22/02/16 16:15, Martin Kosek wrote: >> On 02/22/2016 04:04 PM, Jan Cholasta wrote: >>> On 22.2.2016 15:56, David Kupka wrote: >>>> On 22/02/16 07:28, Jan Cholasta wrote: >>>>> On 18.2.2016 10:10, David

Re: [Freeipa-devel] [PATCH 0011] Move freeipa certmonger helpers to libexecdir.

2016-02-22 Thread Martin Kosek
On 02/22/2016 04:04 PM, Jan Cholasta wrote: > On 22.2.2016 15:56, David Kupka wrote: >> On 22/02/16 07:28, Jan Cholasta wrote: >>> On 18.2.2016 10:10, David Kupka wrote: >>>> On 19/01/16 16:10, David Kupka wrote: >>>>> On 19/01/16 14:38, Jan Cholasta w

Re: [Freeipa-devel] [PATCH 0416][WIP] fix broken configuration of sidgen and extdom plugins

2016-02-19 Thread Martin Kosek
On 02/19/2016 03:14 PM, Alexander Bokovoy wrote: > On Fri, 19 Feb 2016, Martin Kosek wrote: >>>> Why trust-add? >>>> >>>> I'm not a big fan of cluttering existing commands(find, show, mod) with >>>> logic >>>> to fi

Re: [Freeipa-devel] [PATCH 0416][WIP] fix broken configuration of sidgen and extdom plugins

2016-02-19 Thread Martin Kosek
On 02/19/2016 03:02 PM, Alexander Bokovoy wrote: > On Fri, 19 Feb 2016, Petr Vobornik wrote: >> On 02/19/2016 11:12 AM, Alexander Bokovoy wrote: >>> On Fri, 19 Feb 2016, Martin Basti wrote: WIP patch attached https://fedorahosted.org/freeipa/ticket/5665 >>> Comments inline. >>>

Re: [Freeipa-devel] [PATCH 0011] Move freeipa certmonger helpers to libexecdir.

2016-02-18 Thread Martin Kosek
On 02/18/2016 10:10 AM, David Kupka wrote: > From 9952937f207f9a0afae8211276f1b7d7e762fd4e Mon Sep 17 00:00:00 2001 > From: Timo Aaltonen > Date: Tue, 19 Jan 2016 12:37:56 +0100 > Subject: [PATCH] Move freeipa certmonger helpers to libexecdir. > > The scripts in this directory are simple python s

Re: [Freeipa-devel] [PATCH 0030] Modernize mod_nss's cipher suites

2016-02-11 Thread Martin Kosek
On 02/11/2016 10:45 AM, Martin Basti wrote: > > > On 03.02.2016 15:35, Christian Heimes wrote: >> On 2016-01-29 15:05, Martin Basti wrote: >>> >>> On 29.01.2016 14:42, Christian Heimes wrote: >>>> On 2016-01-28 09:47, Martin Basti wrote: >>>

Re: [Freeipa-devel] [PATCH 2/3] ASN1: Fix warning Wpointer-to-int-cast

2016-01-29 Thread Martin Kosek
On 01/29/2016 12:15 PM, Lukas Slebodnik wrote: > ehlo, > > the first patch is very simple and it just suppress warning. > The second patch is either bug or dead code. I fixed it as a bug. > I'm not sure how to test 2nd patch. > > LS Thanks. But isn't this the code generated by asn1 tool? Maybe i

Re: [Freeipa-devel] [PATCH 0411] upgrade: log to ipaupgrade.log if ipa is not installed

2016-01-29 Thread Martin Kosek
On 01/29/2016 10:48 AM, Martin Basti wrote: > Missing record in ipaupgrade.log that upgrade failed because IPA is not > installed, causes harder time to debugging upgrade from log. > > Patch attached. I am thinking that in these general catch-all clauses, it could be also useful to print the stac

Re: [Freeipa-devel] [PATCH 0030] Modernize mod_nss's cipher suites

2016-01-22 Thread Martin Kosek
On 01/21/2016 04:21 PM, Christian Heimes wrote: The list of supported TLS cipher suites in /etc/httpd/conf.d/nss.conf has been modernized. Insecure or less secure algorithms such as RC4, DES and 3DES are removed. Perfect forward secrecy suites with ephemeral ECDH key exchange have been added. IE

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

2016-01-21 Thread Martin Kosek
On 01/21/2016 04:22 PM, thierry bordaz wrote: > On 01/21/2016 03:46 PM, Martin Kosek wrote: >> On 01/21/2016 01:37 PM, thierry bordaz wrote: >> Thanks! Couple comments: >> >> I miss ticket number of description. > > Thanks Martin for looking at it. >

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

2016-01-21 Thread Martin Kosek
On 01/21/2016 01:37 PM, thierry bordaz wrote: > Thanks! Couple comments: I miss ticket number of description. Does this patch mean that all blocker on DS side preventing remote DNA were fixed? If yes, it may be worth updating Requires in the spec file in that case and making sure the backport i

Re: [Freeipa-devel] [PATCH] 0049 Remove workaround for CA running check

2016-01-20 Thread Martin Kosek
On 01/20/2016 08:45 AM, Fraser Tweedale wrote: > The attached patch removes a workaround introduced as part of > https://fedorahosted.org/freeipa/ticket/4676. > > Alternatively, if we want to keep the "workaround" I will submit a > different patch that removes unused code and FIXME comments :) >

Re: [Freeipa-devel] [PATCH 0011] Move freeipa certmonger helpers to libexecdir.

2016-01-19 Thread Martin Kosek
On 01/19/2016 01:47 PM, David Kupka wrote: > I've polished the patch attached to #5586 by Timo Aaltonen. > > Thanks for the patch. I've fixed the path in specfile and removed unused > import > but otherwise it works, ACK. > > https://fedorahosted.org/freeipa/ticket/5586 Won't this break existin

Re: [Freeipa-devel] [PATCH 539] ipalib: assume version 2.0 when skip_version_check is enabled

2016-01-12 Thread Martin Kosek
On 01/12/2016 03:46 PM, Jan Cholasta wrote: > Hi, > > the attached patch fixes . > > Honza I see you set the version to 2.0. As I am reading https://bugzilla.redhat.com/show_bug.cgi?id=1297811#c1 , shouldn't the minimal version be set to something hi

[Freeipa-devel] FreeIPA github mirror/repo (Fwd: [SSSD] The mirror at https://github.com/SSSD/sssd is now automatically updated)

2016-01-11 Thread Martin Kosek
FYI, I suspect FreeIPA will want to follow the same approach for https://github.com/freeipa/freeipa (to be created) :-) Martin Forwarded Message Subject: [SSSD] The mirror at https://github.com/SSSD/sssd is now automatically updated Date: Mon, 11 Jan 2016 11:33:06 +0100 From: Jak

Re: [Freeipa-devel] [PATCH 0124] ipa-csreplica-manage: remove extraneous ldap2 connection

2016-01-11 Thread Martin Kosek
On 01/08/2016 06:31 PM, Martin Babinsky wrote: > On 01/08/2016 06:17 PM, Martin Basti wrote: >> >> >> On 08.01.2016 17:18, Martin Babinsky wrote: >>> fixes ipa-csreplica-manage del blowing up due >>> >>> https://fedorahosted.org/freeipa/ticket/5583 >>> >>> for master and ipa-4-3 only. >>> >> Give m

Re: [Freeipa-devel] FreeIPA and modern requirements on certificates

2016-01-08 Thread Martin Kosek
On 01/08/2016 03:02 PM, Rob Crittenden wrote: > Alexander Bokovoy wrote: >> On Fri, 08 Jan 2016, Martin Kosek wrote: >>> On 01/08/2016 02:17 PM, Fraser Tweedale wrote: >>>> On Fri, Jan 08, 2016 at 02:02:07PM +0100, Martin Kosek wrote: >>>>> On 01/08/20

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:18 PM, Martin Babinsky wrote: > On 01/08/2016 02:14 PM, Jan Cholasta wrote: >> On 8.1.2016 14:09, Martin Basti wrote: >>> >>> >>> On 08.01.2016 14:00, Martin Kosek wrote: >>>> On 01/08/2016 01:45 PM, Martin Basti wrote:

Re: [Freeipa-devel] FreeIPA and modern requirements on certificates

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:24 PM, Christian Heimes wrote: > On 2016-01-08 13:26, Martin Kosek wrote: >> Hi Fraser and other X.509 SMEs, >> >> I wanted to check with you on what we have or plan to have with respect to >> certificate/cipher strength in FreeIPA. >> >> W

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:32 PM, Martin Kosek wrote: > On 01/08/2016 02:22 PM, Jan Cholasta wrote: >> On 8.1.2016 14:13, Martin Basti wrote: >>> >>> >>> On 08.01.2016 14:14, Jan Cholasta wrote: >>>> On 8.1.2016 14:09, Martin Basti wrote: >>>>>

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:22 PM, Jan Cholasta wrote: > On 8.1.2016 14:13, Martin Basti wrote: >> >> >> On 08.01.2016 14:14, Jan Cholasta wrote: >>> On 8.1.2016 14:09, Martin Basti wrote: >>>> >>>> >>>> On 08.01.2016 14:00, Martin Kosek wro

Re: [Freeipa-devel] FreeIPA and modern requirements on certificates

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:17 PM, Fraser Tweedale wrote: > On Fri, Jan 08, 2016 at 02:02:07PM +0100, Martin Kosek wrote: >> On 01/08/2016 01:56 PM, Fraser Tweedale wrote: >>> On Fri, Jan 08, 2016 at 01:26:57PM +0100, Martin Kosek wrote: >>>> Hi Fraser and other X.509 SMEs,

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:09 PM, Martin Basti wrote: > > > On 08.01.2016 14:00, Martin Kosek wrote: >> On 01/08/2016 01:45 PM, Martin Basti wrote: >>> Hello all, >>> >>> fix for ticket https://fedorahosted.org/freeipa/ticket/5535 >>> requires to import r

Re: [Freeipa-devel] FreeIPA and modern requirements on certificates

2016-01-08 Thread Martin Kosek
On 01/08/2016 01:56 PM, Fraser Tweedale wrote: > On Fri, Jan 08, 2016 at 01:26:57PM +0100, Martin Kosek wrote: >> Hi Fraser and other X.509 SMEs, >> >> I wanted to check with you on what we have or plan to have with respect to >> certificate/cipher strength in Free

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

2016-01-08 Thread Martin Kosek
On 01/08/2016 01:45 PM, Martin Basti wrote: > Hello all, > > fix for ticket https://fedorahosted.org/freeipa/ticket/5535 > requires to import rpm module > > This import somehow breaks nsslib in IPA > https://fedorahosted.org/freeipa/ticket/5572 > > > We have 2 ways how to fix it: > > 1) move i

[Freeipa-devel] FreeIPA and modern requirements on certificates

2016-01-08 Thread Martin Kosek
maybe some change to our default certificate profiles? Thanks! -- Martin Kosek Manager, Software Engineering - Identity Management Team Red Hat, Inc. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA

Re: [Freeipa-devel] [PATCH 0373] Upgrade: Fix IPA version comparison

2016-01-08 Thread Martin Kosek
On 12/11/2015 09:36 AM, Martin Kosek wrote: > On 12/10/2015 05:09 PM, Martin Basti wrote: >> >> >> On 10.12.2015 15:49, Tomas Babej wrote: >>> >>> On 12/10/2015 11:23 AM, Martin Basti wrote: >>>> >>>> On 10.12.2015 09:13, Lukas

Re: [Freeipa-devel] [PATCH 559] Fix kadmin for new users

2016-01-05 Thread Martin Kosek
On 01/06/2016 08:37 AM, Martin Babinsky wrote: > On 11/25/2015 03:41 PM, Martin Kosek wrote: >> On 11/25/2015 03:32 PM, Simo Sorce wrote: >>> On Wed, 2015-11-25 at 14:13 +0100, Tomas Babej wrote: >>>> >>>> On 11/25/2015 02:13 PM, Tomas Babej wrote: >

[Freeipa-devel] New FreeIPA official COPR URL (Re: ipa-devel repos on jdennis.fedorapeople.org)

2016-01-04 Thread Martin Kosek
On 01/04/2016 09:51 AM, Martin Kosek wrote: > On 12/22/2015 05:37 PM, Petr Vobornik wrote: >> On 12/22/2015 05:19 PM, Petr Spacek wrote: >>> On 22.12.2015 17:18, John Dennis wrote: >>>> On 12/22/2015 09:50 AM, Petr Spacek wrote: >>>>> John, the

Re: [Freeipa-devel] ipa-devel repos on jdennis.fedorapeople.org

2016-01-04 Thread Martin Kosek
On 12/22/2015 05:37 PM, Petr Vobornik wrote: > On 12/22/2015 05:19 PM, Petr Spacek wrote: >> On 22.12.2015 17:18, John Dennis wrote: >>> On 12/22/2015 09:50 AM, Petr Spacek wrote: John, the machines which used to generate the repos are basically dead now. Could you remove the directo

Re: [Freeipa-devel] [PATCH 0069] Add 'review' target for make

2015-12-16 Thread Martin Kosek
On 12/16/2015 12:01 PM, Petr Spacek wrote: > On 16.12.2015 11:15, Martin Kosek wrote: >> On 12/16/2015 10:02 AM, Petr Spacek wrote: >>> On 16.12.2015 09:53, Jan Cholasta wrote: >>>> On 16.12.2015 09:45, Petr Spacek wrote: >>>>> On 11.12.2015 15:50, Ja
