Re: [Freeipa-users] Users directory Browsing -

2016-03-07 Thread Prashant Bapat
A user will be able to list all other users and be able to read their attributes. But will not be able to change anything. Is that an issue? I mean on a Linux box you can read /etc/passwd file which has info about all users on that box. This doesn't cause issues. On 8 March 2016 at 03:03, Matt W

[Freeipa-users] Users directory Browsing -

2016-03-07 Thread Matt Wells
Hi all, I had a quick question. I swear I had this before but that could be the voices telling me it's true. A normal user is logging into IPA (4.2.0) and filling in their phone number and info no problem. However, when that user clicks on accounts above they are then able to peruse the entire

Re: [Freeipa-users] ipa-getcert and SELinux

2016-03-07 Thread Rob Crittenden
Thomas Raehalme wrote: > Hi! > > I have set up certificates for Puppet as described here: > http://www.freeipa.org/page/Using_IPA's_CA_for_Puppet > > Unfortunately SELinux is giving me a hard time when invoking "ipa-getcert > request" to generate the private/public key for the Puppet agent > (permis

[Freeipa-users] ipa-getcert and SELinux

2016-03-07 Thread Thomas Raehalme
Hi! I have set up certificates for Puppet as described here: http://www.freeipa.org/page/Using_IPA's_CA_for_Puppet Unfortunately SELinux is giving me a hard time when invoking "ipa-getcert request" to generate the private/public key for the Puppet agent (permission denied when trying to write the ke

Re: [Freeipa-users] SSSD does not fetch Sudo Rules anymore

2016-03-07 Thread Alexander Bokovoy
On Mon, 07 Mar 2016, Zoske, Fabian wrote: Hi, I looked in the sudo_debug log and found the following line: Mar 7 11:00:08 sudo[31293] <- new_logline @ ./logging.c:867 := user NOT authorized on host ; TTY=pts/1 ; PWD=/home//f.zoske ; USER=root ; COMMAND=/bin/bash On our IPA-Server I have follo

Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-07 Thread Sumit Bose
On Mon, Mar 07, 2016 at 09:58:20AM +0100, Natxo Asenjo wrote: > On Mon, Mar 7, 2016 at 9:14 AM, Martin Kosek wrote: > > > On 03/05/2016 06:00 AM, Rob Crittenden wrote: > > > Natxo Asenjo wrote: > > >> > > >> By the way, revoking the certificate does not block applications using > > >> it from lda

Re: [Freeipa-users] SSSD does not fetch Sudo Rules anymore

2016-03-07 Thread Zoske, Fabian
Hi, I looked in the sudo_debug log and found the following line: Mar 7 11:00:08 sudo[31293] <- new_logline @ ./logging.c:867 := user NOT authorized on host ; TTY=pts/1 ; PWD=/home//f.zoske ; USER=root ; COMMAND=/bin/bash On our IPA-Server I have the following rules: HBAC: Name: allow_all_admins W

Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-07 Thread Natxo Asenjo
On Mon, Mar 7, 2016 at 9:14 AM, Martin Kosek wrote: > On 03/05/2016 06:00 AM, Rob Crittenden wrote: > > Natxo Asenjo wrote: > >> > >> By the way, revoking the certificate does not block applications using > >> it from ldap. > >> > >> I can still access the ldap server using this cert/key pair *af

Re: [Freeipa-users] SSSD does not fetch Sudo Rules anymore

2016-03-07 Thread Alexander Bokovoy
On Mon, 07 Mar 2016, Zoske, Fabian wrote: Thank you for your explanation. I looked in the sssd_.log and found the actual LDAP-Filter. The problem seems to be the first part again: (&(objectclass=sudoRole)(entryUSN>=485025)(!(entryUSN=485025))). In the LDAP-Tree I can't see any attribute named e

Re: [Freeipa-users] SSSD does not fetch Sudo Rules anymore

2016-03-07 Thread Zoske, Fabian
Thank you for your explanation. I looked in the sssd_.log and found the actual LDAP-Filter. The problem seems to be the first part again: (&(objectclass=sudoRole)(entryUSN>=485025)(!(entryUSN=485025))). In the LDAP-Tree I can't see any attribute named entryUSN. Is this related to the problem? B

Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-07 Thread Martin Kosek
On 03/05/2016 06:00 AM, Rob Crittenden wrote: > Natxo Asenjo wrote: >> >> By the way, revoking the certificate does not block applications using >> it from ldap. >> >> I can still access the ldap server using this cert/key pair *after* >> revoking the certificate using ipa cert-revoke . In order to

Re: [Freeipa-users] SSSD does not fetch Sudo Rules anymore

2016-03-07 Thread Alexander Bokovoy
On Mon, 07 Mar 2016, Zoske, Fabian wrote: Hi, in our environment server (ipa-server-4.2.0-15.el7_2.6.x86_64 and sssd-1.13.0-40.el7_2.1.x86_64 on CentOS 7.2) and client (ipa-client-4.2.0-15.el7_2.6.x86_64 and sssd-1.13.0-40.el7_2.1.x86_64 on CentOS 7.2) SUDO rules don’t get fetched anymore. I