URL: https://github.com/freeipa/freeipa/pull/468
Author: simo5
Title: #468: Remove non-sensical kdestroy on https stop
Action: opened
PR body:
"""
This kdestroy runs as root and wipes root's own ccachs ...
this is totally inappropriate.
https://fedorahosted.org/freeipa
URL: https://github.com/freeipa/freeipa/pull/466
Title: #466: pkinit: make sure to have proper dictionary for Kerberos instance
on upgrade
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: ht
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
simo5 commented:
"""
@MartinBasti the unit files are the wrong place to destroy ccaches, especially
given they run as a different user (root) and may not have access to dest
URL: https://github.com/freeipa/freeipa/pull/468
Author: simo5
Title: #468: Remove non-sensical kdestroy on https stop
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/468/head:pr468
git checkout pr468
From
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
simo5 commented:
"""
If this is about backup/restore, add a kdestroy ccache in the restore scripts,
making sue it su - apache first
"""
See the full comment
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
simo5 commented:
"""
If you request a new keytab you should clean up the cacche ?
If we have a way to run the post exec command as the right user and with the
right /tmp (
URL: https://github.com/freeipa/freeipa/pull/473
Author: simo5
Title: #473: Fix session/cookie related issues introduced with the privilege
separation patches
Action: opened
PR body:
"""
Fixes two bugs opened recently about double cookies being returned and ccache
removal
&
URL: https://github.com/freeipa/freeipa/pull/473
Author: simo5
Title: #473: Fix session/cookie related issues introduced with the privilege
separation patches
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
simo5 commented:
"""
I guess we can simply set KRB5CCNAME=/tmp/krb5_httpd in the unit file and we
should be ok then.
@martbab or @mbasti, can you try that ?
If it solves y
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
simo5 commented:
"""
Uhm I just tried setting KRB5CCNAME=/tmp/krb5_httpd in my install and ... I
found out we do not actually generate an httpd ccache, so why are we trying
URL: https://github.com/freeipa/freeipa/pull/468
Author: simo5
Title: #468: Remove non-sensical kdestroy on https stop
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/468/head:pr468
git checkout pr468
From
URL: https://github.com/freeipa/freeipa/pull/469
Title: #469: Ignore unlink error in ipa-otpd.socket
simo5 commented:
"""
@tiran I do not know, @npmccallum may know.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/469#issuecomment-280656899
--
URL: https://github.com/freeipa/freeipa/pull/468
Author: simo5
Title: #468: Remove non-sensical kdestroy on https stop
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/468/head:pr468
git checkout pr468
From
URL: https://github.com/freeipa/freeipa/pull/468
Author: simo5
Title: #468: Remove non-sensical kdestroy on https stop
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/468/head:pr468
git checkout pr468
From
URL: https://github.com/freeipa/freeipa/pull/485
Author: simo5
Title: #485: Fix session logout
Action: opened
PR body:
"""
There were 2 issues with session logouts, one is that the logout_cookie
was checked and acted on in the wrong place, the other is that the wrong
value
URL: https://github.com/freeipa/freeipa/pull/364
Title: #364: Client-only builds with --disable-server
simo5 commented:
"""
So this is the reasoning and why I am approving this PR and not #494.
When you build all components, including server bits, tests are installed,
therefor
URL: https://github.com/freeipa/freeipa/pull/364
Title: #364: Client-only builds with --disable-server
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/
URL: https://github.com/freeipa/freeipa/pull/506
Title: #506: Use IPA CA cert in Custodia secrets client
simo5 commented:
"""
Works for me.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/506#issuecomment-282282986
--
Manage your subscription
URL: https://github.com/freeipa/freeipa/pull/508
Title: #508: Fix ipa.service unit re. gssproxy
simo5 commented:
"""
Should we also change the Requires on network.target ?
Do we really want to have a restart of IPa if someone restarts the network ?
"""
URL: https://github.com/freeipa/freeipa/pull/514
Author: simo5
Title: #514: Limit sessions to 30 minutes by default
Action: opened
PR body:
"""
When we changed the session handling code we unintentinally extended
sessions expiraion time to the whole ticket lifetime of 24h.
R
URL: https://github.com/freeipa/freeipa/pull/508
Title: #508: Fix ipa.service unit re. gssproxy
simo5 commented:
"""
Seemed worth fixing at the same time, but I won't insist.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/508#iss
URL: https://github.com/freeipa/freeipa/pull/514
Title: #514: Limit sessions to 30 minutes by default
simo5 commented:
"""
No, we do not store sessions in a session db, so that setting is not useful to
us.
"""
See the full comment at
https://github.com/freeipa
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
simo5 commented:
"""
Why do we need to talk to SSSD to do this?
Don't we have all the needed data in LDAP already ?
"""
See the full com
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
simo5 commented:
"""
I am not sure we want to wait for replies from trusted domains, it may be very
slow, and in some cases it will just not work right (one
URL: https://github.com/freeipa/freeipa/pull/532
Title: #532: Fix cookie with Max-Age processing
simo5 commented:
"""
Do we really care for calculating the expiration time ?
Should we just set timestamp to 0 or even remove the whole thing ?
"""
See the full
URL: https://github.com/freeipa/freeipa/pull/532
Title: #532: Fix cookie with Max-Age processing
simo5 commented:
"""
Ok, sorry for some reason I thought this was on the server side, where we do
not care what the cookie looks like, but on the client side we indeed care.
&q
URL: https://github.com/freeipa/freeipa/pull/532
Title: #532: Fix cookie with Max-Age processing
simo5 commented:
"""
LGTM, please merge
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/532#issuecomment-284055799
--
Manage your subscription
URL: https://github.com/freeipa/freeipa/pull/532
Title: #532: Fix cookie with Max-Age processing
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: opened
PR body:
"""
This new option (planned to land in gssproxy 0.7) we cache the ldap
ticket properly and avoid a ticket lookup to the KDC on each
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/546
Author: simo5
Title: #546: Store session cookie in a ccache option
Action: opened
PR body:
"""
Instead of using the kernel keyring, store the session cookie within the
ccache. This way kdestroy will really wipe away all creded
URL: https://github.com/freeipa/freeipa/pull/547
Author: simo5
Title: #547: Use GSS-SPNEGO if connecting locally
Action: opened
PR body:
"""
GSS-SPNEGO allows us to negotiate a SASL bind with less roundtrips
therefore use it when possible.
We only enable it for local conn
URL: https://github.com/freeipa/freeipa/pull/547
Author: simo5
Title: #547: Use GSS-SPNEGO if connecting locally
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/547/head:pr547
git checkout pr547
From
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
simo5 commented:
"""
We are actually planning 0.7 at this point, due to the changes in the last few
patchsets :-)
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/533
Title: #533: WebUI: Change structure of Identity submenu
simo5 commented:
"""
I do not have enough insights on the .js side to say this is all correct, but
having seen the mockups I want to give an ack from my side here.
&q
URL: https://github.com/freeipa/freeipa/pull/547
Title: #547: Use GSS-SPNEGO if connecting locally
simo5 commented:
"""
We actually do not need to put a strong require, this patch will work
regardless, but won't provide any performance advantage on older versions.
You
URL: https://github.com/freeipa/freeipa/pull/543
Title: #543: Add options to allow ticket caching
simo5 commented:
"""
Yes, I think we should add a new PR later once we release gssproxy 0.7
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/546
Title: #546: Store session cookie in a ccache option
simo5 commented:
"""
@rcritten the keyring stuff is still used for detection of keyring in other
places, so I did not touch it as those uses are still vaild
""&
URL: https://github.com/freeipa/freeipa/pull/546
Title: #546: Store session cookie in a ccache option
simo5 commented:
"""
Not sure how to provide unit tests, these functions work only if you have a
valid ccache in the name of the principal you are trying to store a sess
URL: https://github.com/freeipa/freeipa/pull/546
Author: simo5
Title: #546: Store session cookie in a ccache option
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/546/head:pr546
git checkout pr546
From
URL: https://github.com/freeipa/freeipa/pull/546
Title: #546: Store session cookie in a ccache option
simo5 commented:
"""
Ok removed a bunch of code and made sure pylint passes.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/546#issuecom
URL: https://github.com/freeipa/freeipa/pull/546
Title: #546: Store session cookie in a ccache option
simo5 commented:
"""
I also renamed the module and the class, makes more sense to me this way around.
"""
See the full comment at
https://github.com/freeipa
URL: https://github.com/freeipa/freeipa/pull/546
Author: simo5
Title: #546: Store session cookie in a ccache option
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/546/head:pr546
git checkout pr546
From
URL: https://github.com/freeipa/freeipa/pull/546
Author: simo5
Title: #546: Store session cookie in a ccache option
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/546/head:pr546
git checkout pr546
From
URL: https://github.com/freeipa/freeipa/pull/546
Title: #546: Store session cookie in a ccache option
simo5 commented:
"""
Ok I decide to do away with the whole class stuff, given we never really keep a
round the class object for more than one operation at a time in actual us
URL: https://github.com/freeipa/freeipa/pull/546
Author: simo5
Title: #546: Store session cookie in a ccache option
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/546/head:pr546
git checkout pr546
From
URL: https://github.com/freeipa/freeipa/pull/546
Title: #546: Store session cookie in a ccache option
simo5 commented:
"""
Oops sorry, forgot to run make pylint on my last iteration, should be all fixed
now
"""
See the full comment at
https://github.com/freeipa
URL: https://github.com/freeipa/freeipa/pull/564
Title: #564: Reconfigure Kerberos library config as the last step of KDC install
simo5 commented:
"""
I do not think this is the correct fix/bug
What we want to do is to change kdc.conf to require certs only after we have
installe
URL: https://github.com/freeipa/freeipa/pull/567
Author: simo5
Title: #567: Configure KDC to use certs after they are deployed
Action: opened
PR body:
"""
Certmonger needs to access the KDC when it tries to obtain certs,
so make sure the KDC can run, then reconfigure it to use
URL: https://github.com/freeipa/freeipa/pull/567
Title: #567: Configure KDC to use certs after they are deployed
simo5 commented:
"""
Still testing but this should be the way to go to fix the bug reported in #564
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/564
Title: #564: Reconfigure Kerberos library config as the last step of KDC install
simo5 commented:
"""
@martbab @abbra see the pull request in #567
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
simo5 commented:
"""
Can you prepare patch for spec file that requires gssproxy >= 0.7.0 and
mod_auth_gssapi >= 1.5.0 ?
"""
See the full comment at
htt
URL: https://github.com/freeipa/freeipa/pull/567
Title: #567: Configure KDC to use certs after they are deployed
simo5 commented:
"""
Should have addressed all concerns in this push
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/567#issuecom
URL: https://github.com/freeipa/freeipa/pull/567
Author: simo5
Title: #567: Configure KDC to use certs after they are deployed
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/567/head:pr567
git checkout
URL: https://github.com/freeipa/freeipa/pull/567
Title: #567: Configure KDC to use certs after they are deployed
simo5 commented:
"""
Can you figure out exactly why certmonger is doing this ?
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/567
Title: #567: Configure KDC to use certs after they are deployed
simo5 commented:
"""
Sure no prob
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/567#issuecomment-286391140
--
Manage your subs
URL: https://github.com/freeipa/freeipa/pull/559
Title: #559: WebUI: Certificate login
simo5 commented:
"""
NACK NACK NACK
Pleas revert the change to the gssproxy template, it undoes half the work done
in privilege separation
"""
See the full comment at
http
URL: https://github.com/freeipa/freeipa/pull/559
Author: pvomacka
Title: #559: WebUI: Certificate login
Action: reopened
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/559/head:pr559
git checkout pr559
--
Manage your subscrip
URL: https://github.com/freeipa/freeipa/pull/559
Title: #559: WebUI: Certificate login
simo5 commented:
"""
You need to wait to get th gssproxy fix I've been developing today and set the
minimum gssproxy version to the one with the fix once we get to publish it
"&q
URL: https://github.com/freeipa/freeipa/pull/559
Title: #559: WebUI: Certificate login
Label: -ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/585
Title: #585: Remove allow_constrained_delegation from gssproxy.conf
simo5 commented:
"""
Please change commit message to:
The Apache process *must* not allowed to use constrained delegation to contact
services because it is alr
URL: https://github.com/freeipa/freeipa/pull/585
Title: #585: Remove allow_constrained_delegation from gssproxy.conf
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/pa
URL: https://github.com/freeipa/freeipa/pull/587
Title: #587: Python 3: Fix session storage
simo5 commented:
"""
Technically principal names could use any encoding ... but we make the
assumption they are utf-8 in freeIPA, so this should be ok.
"""
See the full
URL: https://github.com/freeipa/freeipa/pull/587
Title: #587: Python 3: Fix session storage
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/594
Title: #594: Fix Python 3 pylint errors
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/543
Title: #543: Add options to allow ticket caching
simo5 commented:
"""
@MartinBasti can we push this ? It makes a big difference in framework
performance and load on the KDC
"""
See the full comment at
https://g
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/638
Title: #638: ipalib/rpc.py: Fix session handling for KEYRING: ccaches
simo5 commented:
"""
One way to deal with this in the FILE case is to copy the ccache to a tmp file
and then rename to the original one. There is a risk of raci
URL: https://github.com/freeipa/freeipa/pull/649
Author: simo5
Title: #649: Session cookie storage and handling fixes
Action: opened
PR body:
"""
This patchset improves the behavior of the client in various ways.
- Avoids unbounded growth of FILE ccaches
- Fix regression with
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
Note I am still running tests, but I think the patchset is good for review
already.
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/638
Author: abbra
Title: #638: ipalib/rpc.py: Fix session handling for KEYRING: ccaches
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/638/head:pr638
git checkout pr6
URL: https://github.com/freeipa/freeipa/pull/638
Title: #638: ipalib/rpc.py: Fix session handling for KEYRING: ccaches
simo5 commented:
"""
This PR has been obsoleted by #649
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/638#issuecom
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
The FILE ccache is still growing because we keep getting updated cookies (where
the only thing that changes is the expiration date.
"""
URL: https://github.com/freeipa/freeipa/pull/649
Author: simo5
Title: #649: Session cookie storage and handling fixes
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/649/head:pr649
git checkout pr649
From
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
I aded a 4th patch to address the FILE ccache growth issue.
It is a bit unorthodox but it works. Please review carefully and let me know if
you are ok wit
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
Thank you @tiran @abbra all very good comments, I'll address soon all of them
"""
See the full comment at
https://github.com/fr
URL: https://github.com/freeipa/freeipa/pull/649
Author: simo5
Title: #649: Session cookie storage and handling fixes
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/649/head:pr649
git checkout pr649
From
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
I should have addressed all comments.
I did not comment on krb5_principal_compare() because I think that is obvious
and the function definition also doe
URL: https://github.com/freeipa/freeipa/pull/649
Author: simo5
Title: #649: Session cookie storage and handling fixes
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/649/head:pr649
git checkout pr649
From
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
Should I make a new PR for 4.5 ?
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/649#issuecomment-289761195
--
Ma
URL: https://github.com/freeipa/freeipa/pull/664
Author: simo5
Title: #664: Backport of client session storage patches
Action: opened
PR body:
"""
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghf
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From
URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
I haven't tested this yet ... but what could possibily go wrong? :-)
"""
See the full comment at
https://github.com/freeipa/free
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: opened
PR body:
"""
In complex replication setups a replica may try to obtain CA keys from a
host that is not the master we initially create the keys agains
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From
URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
Seem like both errors are the same problem.
Should we mark 6688 a duplicate of 6838 ?
"""
See the full comment at
https://github.com/freeipa
URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
Nevermind they are not duplicates.
I'll fix the commit message.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/67
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From
URL: https://github.com/freeipa/freeipa/pull/709
Author: simo5
Title: #709: Fix s4u2self with adtrust
Action: opened
PR body:
"""
When ADtrust is installed we add a PAC to all tickets, during protocol
transition we need to generate a new PAC for the requested user ticket
URL: https://github.com/freeipa/freeipa/pull/727
Title: #727: Regenerate ASN.1 code with asn1c 0.9.28
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/C
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From
URL: https://github.com/freeipa/freeipa/pull/738
Title: #738: restore: restart gssproxy after restore
simo5 commented:
"""
The name of the project is GSS-Proxy, the package name is gssproxy.
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/738
Title: #738: restore: restart gssproxy after restore
simo5 commented:
"""
will a "systemctl reload gssproxy" do the right thing @frozencemetery ?
"""
See the full comment at
https://github.com/freeipa
URL: https://github.com/freeipa/freeipa/pull/723
Title: #723: Store GSSAPI session key in /var/run/httpd
simo5 commented:
"""
This patch is wrong please revert
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/723#issuecomment-297699615
--
Ma
URL: https://github.com/freeipa/freeipa/pull/723
Author: MartinBasti
Title: #723: Store GSSAPI session key in /var/run/httpd
Action: reopened
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/723/head:pr723
git checkout pr723
--
101 - 200 of 217 matches
Mail list logo