On 09/29/2015 05:49 PM, Jakub Hrozek wrote:
On Tue, Sep 29, 2015 at 02:20:39PM +0200, Pavel Reichl wrote:
In my opinion we can drop the change. This is not an imminent bug it's rather
code style dispute and I don't think that we have to bother Sumit for that.
Unless of course pbrezina feels
On Tue, Sep 29, 2015 at 08:28:30AM +0200, Lukas Slebodnik wrote:
> On (28/09/15 14:19), Jakub Hrozek wrote:
> >Hi,
> >
> >to activate this hook, copy it from contrib to .git/hooks and make sure
> >the executable flag is on. Attempting to push a commit without
> >Reviewed-By will then trigger an err
Hi,
to help the OpenSCAP integration, I prepared a wiki page that contains
options which have a security impact -- either positive (drop root) or
negative (ignore certificate validation issues).
I also tried to explain the effect of the options along with the
description. There are some more item
Hi,
while documenting the security options I realized man sssd.conf doesn't
include the krb5 and proxy access control modules. I hope I worded the
sentence about krb5 correctly.
>From 9c8ce997e738c537061d53c5499ad0d0417c012e Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Wed, 30 Sep 2015 04:25
Hi,
while working on the hardening wiki page, I realized the
pam_trusted_users option can be improved. Please see the attached patch.
>From ac09c8dabb706ad1a870354a2879eb899d17c5fc Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Wed, 30 Sep 2015 09:33:17 +0200
Subject: [PATCH] MAN: Clarify pam_
On 09/30/2015 09:38 AM, Jakub Hrozek wrote:
Hi,
to help the OpenSCAP integration, I prepared a wiki page that contains
options which have a security impact -- either positive (drop root) or
negative (ignore certificate validation issues).
I also tried to explain the effect of the options alon
On Tue, Sep 29, 2015 at 07:53:41PM +0200, Jakub Hrozek wrote:
> On Tue, Sep 29, 2015 at 06:15:35PM +0200, Sumit Bose wrote:
> > On Tue, Sep 29, 2015 at 05:57:32PM +0200, Jakub Hrozek wrote:
> > > On Mon, Sep 28, 2015 at 10:18:07AM +0200, Sumit Bose wrote:
> > > > On Mon, Jun 29, 2015 at 11:07:30PM
On Tue, Sep 29, 2015 at 09:25:13AM +0200, Jakub Hrozek wrote:
> On Fri, Sep 25, 2015 at 11:00:07AM +0200, Jakub Hrozek wrote:
> > On Fri, Sep 25, 2015 at 10:31:02AM +0200, Lukas Slebodnik wrote:
> > > >The test_ipa_subdom_server test took me some time, that's why I don't
> > > >think we need to blo
On 09/30/2015 08:31 AM, Lukas Slebodnik wrote:
On (29/09/15 17:02), Nikolai Kondrashov wrote:
Er, no, I don't mind which way we go, but we'd better be consistent, so please
either change Lukas's patch, or all the other places :)
Or, Lukas, did you mean that "||" outside []/[[]] tests is differe
On Wed, Sep 30, 2015 at 08:31:57AM +0200, Pavel Reichl wrote:
>
>
> On 09/30/2015 07:42 AM, Lukas Slebodnik wrote:
> >On (29/09/15 17:45), Jakub Hrozek wrote:
> >>On Tue, Sep 29, 2015 at 11:38:58AM +0200, Sumit Bose wrote:
> >>>On Tue, Sep 29, 2015 at 10:50:06AM +0200, Pavel Reichl wrote:
>
On 09/30/2015 09:38 AM, Jakub Hrozek wrote:
Hi,
to help the OpenSCAP integration, I prepared a wiki page that contains
options which have a security impact -- either positive (drop root) or
negative (ignore certificate validation issues).
I also tried to explain the effect of the options along
On (30/09/15 10:06), Sumit Bose wrote:
>On Wed, Sep 30, 2015 at 08:31:57AM +0200, Pavel Reichl wrote:
>>
>>
>> On 09/30/2015 07:42 AM, Lukas Slebodnik wrote:
>> >On (29/09/15 17:45), Jakub Hrozek wrote:
>> >>On Tue, Sep 29, 2015 at 11:38:58AM +0200, Sumit Bose wrote:
>> >>>On Tue, Sep 29, 2015 at
On (30/09/15 09:38), Jakub Hrozek wrote:
>Hi,
>
>to help the OpenSCAP integration, I prepared a wiki page that contains
>options which have a security impact -- either positive (drop root) or
>negative (ignore certificate validation issues).
>
>I also tried to explain the effect of the options alon
On Wed, Sep 30, 2015 at 09:53:24AM +0200, Sumit Bose wrote:
> It's https://fedorahosted.org/sssd/ticket/2808 . Please add ideas and
> suggestions how those tags shall look like.
Thanks, I ressurected
https://fedorahosted.org/sssd/ticket/1372 from Deferred as well.
_
On Wed, Sep 30, 2015 at 10:07:48AM +0200, Pavel Reichl wrote:
> Should not we also mention dreadful option
> ldap_auth_disable_tls_never_use_in_production ?
That's what I was trying to ask :)
> > * should the page warn against the
> > auth-option-that-shall-not-be-mentioned or politely
On Wed, Sep 30, 2015 at 10:37:30AM +0200, Lukas Slebodnik wrote:
> On (30/09/15 09:38), Jakub Hrozek wrote:
> >Hi,
> >
> >to help the OpenSCAP integration, I prepared a wiki page that contains
> >options which have a security impact -- either positive (drop root) or
> >negative (ignore certificate
On 09/30/2015 11:15 AM, Jakub Hrozek wrote:
On Wed, Sep 30, 2015 at 09:53:24AM +0200, Sumit Bose wrote:
It's https://fedorahosted.org/sssd/ticket/2808 . Please add ideas and
suggestions how those tags shall look like.
Thanks, I ressurected
https://fedorahosted.org/sssd/ticket/1372 from Deferre
== SSSD 1.13.1 ===
The SSSD team is proud to announce the release of version 1.13.1 of
the System Security Services Daemon.
As always, the source is available from https://fedorahosted.org/sssd
RPM packages will be made available for Fedora shortly.
== Feedback ==
Ple
On Wed, Sep 30, 2015 at 01:10:20PM +0200, Petr Cech wrote:
> On 09/30/2015 11:15 AM, Jakub Hrozek wrote:
> >On Wed, Sep 30, 2015 at 09:53:24AM +0200, Sumit Bose wrote:
> >>It's https://fedorahosted.org/sssd/ticket/2808 . Please add ideas and
> >>suggestions how those tags shall look like.
> >
> >Th
On (30/09/15 11:02), Nikolai Kondrashov wrote:
>On 09/30/2015 08:31 AM, Lukas Slebodnik wrote:
>>On (29/09/15 17:02), Nikolai Kondrashov wrote:
>>>Er, no, I don't mind which way we go, but we'd better be consistent, so
>>>please
>>>either change Lukas's patch, or all the other places :)
>>>
>>>Or,
On (19/06/15 14:25), Jakub Hrozek wrote:
>On Tue, Jun 16, 2015 at 11:40:21PM +0200, Lukas Slebodnik wrote:
>> ehlo,
>>
>> we dropped support for old version of python (<2.6)
>> in recent version of sssd. It should work in 1.11 branch
>> but there was a small issue in pysss_nss_idmap bindings.
>>
On 09/30/2015 09:59 AM, Lukas Slebodnik wrote:
On (29/09/15 16:47), Nikolai Kondrashov wrote:
>On 09/29/2015 03:41 PM, Lukas Slebodnik wrote:
>>ehlo,
>>
>>Integration tests are enabled on debian with the last patch.
>
>So we've got more cwrap packages into Debian? Awesome:)! Or were they there
On Tue, Sep 29, 2015 at 11:40:34AM +0200, Pavel Reichl wrote:
>
>
> On 09/21/2015 05:47 PM, Jakub Hrozek wrote:
> >On Mon, Sep 21, 2015 at 01:03:13PM +0200, Pavel Reichl wrote:
> >>
> >>
> >>On 09/21/2015 10:52 AM, Pavel Březina wrote:
> >>>On 08/28/2015 11:05 AM, Pavel Reichl wrote:
> On 08/
On Wed, Sep 23, 2015 at 07:11:32AM +0200, Petr Cech wrote:
> On 09/22/2015 05:25 PM, Pavel Reichl wrote:
> >Hello, please see trivial patch attached.
> Hello,
> it works.
> CI tests: http://sssd-ci.duckdns.org/logs/job/27/54/summary.html
>
> ACK
>
> Petr
* master: 1e87219471c1220c773ea75b211ad0a
On 09/30/2015 04:08 PM, Nikolai Kondrashov wrote:
Looks fine now, tested on my Debian laptop - worked fine.
Additionally, it worked on a fresh Debian Testing Docker image - niiice :)
Nick
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
On 09/30/2015 08:20 AM, Lukas Slebodnik wrote:
On (29/09/15 17:35), Nikolai Kondrashov wrote:
On 09/29/2015 05:13 PM, Nikolai Kondrashov wrote:
On 09/29/2015 03:54 PM, Lukas Slebodnik wrote:
ehlo,
I touched the CI script and I found an interesting todo
distro.sh-52-{
distro.sh-53-declare
On Wed, Sep 23, 2015 at 08:55:11PM +0200, Pavel Březina wrote:
> Ack. Thank you!
CI: http://sssd-ci.duckdns.org/logs/job/28/14/summary.html
* master: 3fb1ee96f508784d7e06f079111d4d32d401a99b
btw the ticket was in Backlog, not in the currently-in-progress 1.13.2,
so I just moved it.
_
Hi everyone,
Here is a patch set fixing some things in integration tests and adding more
LDAP tests:
* Adding/removing a user/group/membership with rfc2307(bis) schema.
* Filtering users/groups with rfc2307(bis) schema.
* The effect of override_homedir option.
* The effect of fal
On Wed, Sep 30, 2015 at 04:08:09PM +0300, Nikolai Kondrashov wrote:
> Thank you, Lukas!
>
> ACK.
CI: http://sssd-ci.duckdns.org/logs/job/28/16/summary.html
* master:
* cf37196dca93a8785c5a4e0af6e9a5053bff4e3a
* 90063840941efb2015d4375333677e3c26b1f4e6
* cccbf6f5b2b80cd3f6311ccad96780f
On 09/30/2015 06:15 PM, Nikolai Kondrashov wrote:
-create_conf_fixture(request, conf)
+create_conf_fixture(request, format_basic_conf(ldap_conn, False, True))
Actually, I wanted to do one more thing with this and forgot:
name the "bis" and "enum" parameters explicitly on each invocation
Hi everyone,
I noticed one little thing was wrong with the combined
filter_users/filter_groups description on the sssd.conf(5) manpage and also
wanted to add a note WRT nested groups behavior with filter_groups which was a
bit surprising to me. The trivial patches are attached.
Nick
>From 6cfaea
On 09/30/2015 06:15 PM, Nikolai Kondrashov wrote:
NOTE: These still break test_memory_cache.py as seen in the attached log file.
Here's a fresher log, with the correct line numbers:
http://sssd-ci.duckdns.org/logs/job/28/19/rhel7/ci-build-debug/ci-make-intgcheck.log
Nick
_
On Wed, 30 Sep 2015, Jakub Hrozek wrote:
Hi,
while documenting the security options I realized man sssd.conf doesn't
include the krb5 and proxy access control modules. I hope I worded the
sentence about krb5 correctly.
ACK
--
/ Alexander Bokovoy
___
On Wed, 30 Sep 2015, Jakub Hrozek wrote:
Hi,
while working on the hardening wiki page, I realized the
pam_trusted_users option can be improved. Please see the attached patch.
ACK, this is much better explanation than it was before.
--
/ Alexander Bokovoy
___
On (30/09/15 17:39), Nikolai Kondrashov wrote:
>On 09/30/2015 08:20 AM, Lukas Slebodnik wrote:
>>On (29/09/15 17:35), Nikolai Kondrashov wrote:
>>>On 09/29/2015 05:13 PM, Nikolai Kondrashov wrote:
On 09/29/2015 03:54 PM, Lukas Slebodnik wrote:
>ehlo,
>
>I touched the CI script and I
On (01/10/15 08:44), Lukas Slebodnik wrote:
>On (30/09/15 17:39), Nikolai Kondrashov wrote:
>>On 09/30/2015 08:20 AM, Lukas Slebodnik wrote:
>>>On (29/09/15 17:35), Nikolai Kondrashov wrote:
On 09/29/2015 05:13 PM, Nikolai Kondrashov wrote:
>On 09/29/2015 03:54 PM, Lukas Slebodnik wrote:
>>
36 matches
Mail list logo