On 02/03/2014 10:37 PM, JR Aquino
wrote:
If you are seeing clock skew errors in
/var/log/dirsrv/slapd-EXAMPLE-COM/errors that look like this, then
you will need to verify the time/date of the server to make sure
NTP isn't freaked out. If the system date i
On Thu, Feb 27, 2014 at 10:36:01PM +, Nordgren, Bryce L -FS wrote:
>
>
> > But I
> > would argue that in this case root can just add some other module to the
> > pam stack that would dump passwords for any user who uses pam stack
> > regardless whether SSSD is in the picture or not so it is n
On Thu, Feb 27, 2014 at 09:03:35PM +, Nordgren, Bryce L -FS wrote:
>
> > On Wed, Feb 26, 2014 at 04:24:54PM -0500, Steve Dainard wrote:
> > > Would it not be possible for root to disable selinux enforcement?
>
> It should also be possible to copy private keys out of ~user/.ssh and login
> to
> But I
> would argue that in this case root can just add some other module to the
> pam stack that would dump passwords for any user who uses pam stack
> regardless whether SSSD is in the picture or not so it is not SSSD problem and
> I do not think it can be generally solved with the software.
On Thu, 27 Feb 2014, Michal Zacek wrote:
Hi,
I have successfully completed agreement between Windows and IPA and
it works. When I create user in Windows, it's synchronized to IPA
and when I change something on IPA for this user, it's synchronized
back to Windows, but when I create *new* us
On 02/27/2014 05:01 PM, Michal Zacek wrote:
Hi,
I have successfully completed agreement between Windows and IPA and it
works. When I create user in Windows, it's synchronized to IPA and
when I change something on IPA for this user, it's synchronized back
to Windows, but when I create *new*
Hi,
I have successfully completed agreement between Windows and IPA and it
works. When I create user in Windows, it's synchronized to IPA and when
I change something on IPA for this user, it's synchronized back to
Windows, but when I create *new* user in IPA it's not synchronized
(created)
On 02/27/2014 04:03 PM, Nordgren, Bryce L -FS wrote:
On Wed, Feb 26, 2014 at 04:24:54PM -0500, Steve Dainard wrote:
Would it not be possible for root to disable selinux enforcement?
It should also be possible to copy private keys out of ~user/.ssh and login to other
machines as "user", assumin
> On Wed, Feb 26, 2014 at 04:24:54PM -0500, Steve Dainard wrote:
> > Would it not be possible for root to disable selinux enforcement?
It should also be possible to copy private keys out of ~user/.ssh and login to
other machines as "user", assuming no password on the ssh key pair.
It's probably
On Wed, Feb 26, 2014 at 04:24:54PM -0500, Steve Dainard wrote:
> Would it not be possible for root to disable selinux enforcement?
Normally yes, if you're root, you can do all kinds of stuff including
appending 'selinux=0' to the kernel command line. Maybe there are better
SELinux experts on the l
Bob wrote:
How can I create the id=passsync,cn=sysaccounts,cn=etc,dc=example,dc=com
account without creating a replication agreement.
I do not want to replicate accounts between AD and ipa, but I do want password
changes on AD to be sent to ipa.
Is this possible?
# ldapmodify -D "cn=direc
How can I create the
id=passsync,cn=sysaccounts,cn=etc,dc=example,dc=com account without
creating a replication agreement.
I do not want to replicate accounts between AD and ipa, but I do want
password changes on AD to be sent to ipa.
Is this possible?
thanks,
Bob H
12 matches
Mail list logo
