tmare...
Now I have only ports 22, 443, and 636 open, it gives a bit more
confidence in stability of the whole set up.
Marat
On Sat, Feb 27, 2016 at 6:32 PM, Lukas Slebodnik wrote:
> On (24/02/16 14:28), Marat Vyshegorodtsev wrote:
>>> Are you just toying with this or did something go h
-2.fc23.
Best regards, Marat
On Wed, Feb 24, 2016 at 6:07 AM, Rob Crittenden wrote:
> David Kupka wrote:
>> On 23/02/16 20:21, Marat Vyshegorodtsev wrote:
>>> Hi!
>>>
>>> I've been doing backups using the tool like this:
>>> ipa-back
Hi!
I've been doing backups using the tool like this:
ipa-backup --data --online
I didn't want any configuration to be backed up, since it is managed
from a chef recipe.
However, when I tried to recover the backup to a fresh FreeIPA
install, Kerberos (GSSAPI) broke — I can't authenticate myself
: modify
add: member
member: uid=hostadmin,cn=sysaccounts,cn=etc,dc=contoso,dc=com
On Thu, Jan 28, 2016 at 11:25 AM, Rob Crittenden wrote:
> Marat Vyshegorodtsev wrote:
>> Tried that.
>>
>> Originally I had just a normal user of a role "Build Administrator".
>&g
Hi!
My FreeIPA deployment is a part of PCI cardholder data environment.
Hence, I have to comply with with the requirements such as 8.1.1
(assign unique ID to each user) and 8.5 (do not use generic or shared
IDs).
I would like to move this user under service accounts (it may still be
used by chef
piration %>
nsIdleTimeout: 0
This didn't work (same error: not enough privileges), so I started
experimenting with explicit privileges assignment by basically copying
them from default "admin" user. Didn't work too.
I wonder what am I doing wrong.
On Thu, Jan 28, 2016 at 1:0
ou my chef recipe snippets to configure it.
On Thu, Jan 28, 2016 at 11:02 AM, Marat Vyshegorodtsev
wrote:
> My two cents:
>
> My "magic" string for NSS is like this (I had to move to Fedora 23
> from CentOS in order to get more recent NSS version though):
>
> NSSPro
set
of privileges worked fine, the problem started to happen when I moved
user from normal users to cn=sysaccounts,cn=etc.
Also, is my set of privileges minimal? Which privileges do I need to
just add host entries?
Best regards,
Marat Vyshegorodtsev
--
Manage your subscription for the Freeipa-
arely had support of TLSv1.2.
As for now, I suggest writing it in docs and add a check to ipa CLI tools
not to allow ECC certs.
Marat
2015年11月6日(金) 17:50 Martin Kosek :
> On 11/05/2015 02:39 PM, Marat Vyshegorodtsev wrote:
> > Hi!
> >
> > I've been fighting for the past we
],
nsSSLActivation=["on"],
)
conn.add_entry(entry)
My question is, is it possible to replace RSA with ECDSA here? If so,
what parameters should I pass to LDAP?
If this is fixable, can someone add autodetect of the type of the
certificate and enable appropriate algorithms in LDAP and Apache?
Best regards,
Marat Vyshegorodtsev
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
10 matches
Mail list logo