Hi Maciej,
I concur with the answers in Rob's reply. But I have one question.
On Thu, May 17, 2018 at 04:03:36PM +0200, Maciej Drobniuch via FreeIPA-users
wrote:
> 3. How can I export the IPA revocation list so it's compliant with servers
> (CRL format)
>
What do you mean by "compliant with ser
Sorry, missed your build instructions, only saw them just now. I've just
kicked off that build and I'll check it tomorrow once I'm back in.
One note, it appears it's ./autogen.sh not ./autogen.pl ...
On Thu, May 17, 2018 at 6:16 PM, Jonathan Vaughn
wrote:
> Welp, I'm still getting the -fPIC err
On Wed, May 16, 2018 at 12:04 PM, Ronald Wimmer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hi,
>>
>> is there a way to configure parameters in sssd.conf when calling
>> ipa-client-install? It would be very helpful to be able to specify these
>> parameters:
>>
>> [sssd]
>> d
Natxo Asenjo via FreeIPA-users
writes:
> does anybody rotate host keytabs? Is it worth it security-wise?
Hi, krb5 maintainer here. Keytab rotation is ugly. I recommend not
doing it if you can avoid it largely because one of two things will
happen:
- All clients who have credentials against th
Welp, I'm still getting the -fPIC error ... so I may need to figure out how
to do it with COPR or something.
On Thu, May 17, 2018 at 4:16 PM, Jonathan Vaughn
wrote:
> I've never used COPR. I've dabbled with RPMs in the past but that was...
> CentOS 6 I think, and I wasn't making source code chan
In my current freeipa setup when I go in to the dns zone I see the
authoritative name server is incorrect. When I removed the server shouldn't it
have changed it?
Also when I go look at the bind config in
/var/named/dyndb-ldap/master/example.net/raw the SOA line shows the correct
server. Wher
I've never used COPR. I've dabbled with RPMs in the past but that was...
CentOS 6 I think, and I wasn't making source code changes so much as just
copying and pasting SRPMs from another RPM platform to build for CentOS,
using the regular rpmbuild stuff.
I did actually try just copying the configur
Jonathan Vaughn via FreeIPA-users wrote:
> Oops, hit reply instead of reply-all
>
> NSPR RPMs
>
> # yum list installed nspr*
> Installed Packages
> nspr.armv7hl
> 4.19.0-1.fc27
>
Oops, hit reply instead of reply-all
NSPR RPMs
# yum list installed nspr*
Installed Packages
nspr.armv7hl
4.19.0-1.fc27
@updates
nspr-debuginfo.armv7hl
4.19.0-1.fc27
@updates-debuginfo
nspr-debugsource.armv7hl
4.19.0-1.fc27
@updates-debuginfo
nspr-devel.armv7hl
4.
On to, 17 touko 2018, Rob Crittenden via FreeIPA-users wrote:
Andrew Meyer via FreeIPA-users wrote:
Has anyone installed this on their prod FreeIPA installation? I need to
hook FreeIPA into some other auth systems that don't support LDAP.
Ipsilon is a fine IdP and is used to host a bunch of h
On to, 17 touko 2018, Andrew Meyer wrote:
So I followed the directions to add it to my dev freeipa servers,
restarted the httpd. But when I go to log in at
https://myserver/idp as admin or myself, I get 401 Unauthorized no
matter what. This is what I need to install the server: sudo
ipsilon-se
Andrew Meyer via FreeIPA-users wrote:
> Has anyone installed this on their prod FreeIPA installation? I need to
> hook FreeIPA into some other auth systems that don't support LDAP.
Ipsilon is a fine IdP and is used to host a bunch of huge, operational
infrastructure (like FAS).
A bunch of FreeIP
Maciej Drobniuch via FreeIPA-users wrote:
> Hey Guys,
>
> I want to use the IPA CA for PKI on some of our web services( mostly of
> premises - that's why )
>
> What I do not know is:
> 1. How to add a profile id for certificate generation for the user so
> he/she can paste a CSR and get a certif
So I followed the directions to add it to my dev freeipa servers, restarted the
httpd. But when I go to log in at https://myserver/idp as admin or myself, I
get 401 Unauthorized no matter what. This is what I need to install the server:
sudo ipsilon-server-install --openid --saml2 yes --ipa ye
On to, 17 touko 2018, Andrew Meyer via FreeIPA-users wrote:
Has anyone installed this on their prod FreeIPA installation? I need
to hook FreeIPA into some other auth systems that don't support LDAP.
I'm using FreeIPA with Ipsilon for quite a few years for my home setup.
I even added integration
hi,
does anybody rotate host keytabs? Is it worth it security-wise?
Reading on how AD computer objects reset their password every 30 days (
https://blogs.technet.microsoft.com/askds/2009/02/15/machine-account-password-process-2/)
got me thinking about the host keytabs ...
Any ideas about this?
Has anyone installed this on their prod FreeIPA installation? I need to hook
FreeIPA into some other auth systems that don't support LDAP.___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-user
What are you trying to achive?
Do you want to have a one-liner for the installation?
M.
On Wed, May 16, 2018 at 12:04 PM, Ronald Wimmer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hi,
>
> is there a way to configure parameters in sssd.conf when calling
> ipa-client-instal
Hey Guys,
I want to use the IPA CA for PKI on some of our web services( mostly of
premises - that's why )
What I do not know is:
1. How to add a profile id for certificate generation for the user so
he/she can paste a CSR and get a certificate.
2. How to turn on/off automatic signing. ( I would
On 05/16/2018 10:03 PM, Jonathan Vaughn wrote:
I've been just using the packages from Fedora. I can build it
potentially but I don't have a cross build environment set up at the
moment. From experience I'd want to do that first because building
anything on the Pi usually takes ages.
I'd bee
20 matches
Mail list logo