URL: https://github.com/SSSD/sssd/pull/217
Title: #217: KCM: Fix off-by-one error in secrets key validation
Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorah
URL: https://github.com/SSSD/sssd/pull/217
Title: #217: KCM: Fix off-by-one error in secrets key validation
fidencio commented:
"""
Feel free to push it after running CI (I'll fire one here before calling it a
day),
"""
See the full comment at
https://github.com/SSSD/sssd/pull/217#issuecomme
URL: https://github.com/SSSD/sssd/pull/217
Title: #217: KCM: Fix off-by-one error in secrets key validation
Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorah
URL: https://github.com/SSSD/sssd/pull/217
Title: #217: KCM: Fix off-by-one error in secrets key validation
fidencio commented:
"""
I've just tested it locally here. It works as expected.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/217#issuecomment-290230115
_
URL: https://github.com/SSSD/sssd/pull/217
Author: jhrozek
Title: #217: KCM: Fix off-by-one error in secrets key validation
Action: opened
PR body:
"""
This is a fix for a bug found by Fabiano. A simple reproducer is to try to
kinit as root with KCM.
"""
To pull the PR as Git branch:
git rem
URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups
jhrozek commented:
"""
CI is happier now: http://sssd-ci.duckdns.org/logs/job/66/49/summary.html
"""
See the full comment at
https://github.com/SSSD/sssd/pull/215#issuecomment-290205579
_
URL: https://github.com/SSSD/sssd/pull/136
Title: #136: Tlog integration
spbnick commented:
"""
A better CI result: http://sssd-ci.duckdns.org/logs/job/66/48/summary.html
"""
See the full comment at
https://github.com/SSSD/sssd/pull/136#issuecomment-290197456
__
URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups
jhrozek commented:
"""
CI: http://sssd-ci.duckdns.org/logs/job/66/47/summary.html
there is a RHEL6 failure in the enumeration code. Because the test only failed
on RHEL-6, I don't think it's related
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
lslebodn commented:
"""
On (29/03/17 05:57), Jakub Hrozek wrote:
>So then the consumer of the API is expected to iterate over the paths and find
>a non-empty attribute? Because the paths
On (29/03/17 19:13), amit kumar wrote:
>Hello,
>
>*Present **Behavior*:
># vim /usr/local/etc/sssd/sssd.conf
>[sssd]
>services = nss, pam
>config_file_version = 2
>domains = LDAP
>
>[domain/LDAP]
>ldap_search_base = dc=example,dc=com
>id_provider = ldap
>*auth_provider = ldap9001**<== '**sssct
URL: https://github.com/SSSD/sssd/pull/136
Title: #136: Tlog integration
spbnick commented:
"""
Alright, this one includes PAM exporting the original shell as well. One thing
that bothers me about the implementation is that now all responders are reading
the shell settings from the NSS section
URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups
jhrozek commented:
"""
retest this please
"""
See the full comment at
https://github.com/SSSD/sssd/pull/215#issuecomment-290113327
___
sssd-devel mailing l
URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups
jhrozek commented:
"""
I fixed the minor issues in comments and the man pages. I also fixed the issue
in the Kerberos provider with the following hunk:
```
diff --git a/src/providers/krb5/krb5_auth.c
URL: https://github.com/SSSD/sssd/pull/136
Author: spbnick
Title: #136: Tlog integration
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/136/head:pr136
git checkout pr136
From 22256f94283bce43698b903f6ccb93e58031784c M
Hello,
*Present **Behavior*:
# vim /usr/local/etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = LDAP
[domain/LDAP]
ldap_search_base = dc=example,dc=com
id_provider = ldap
*auth_provider = ldap9001**<== '**sssctl config_check' does not
reports this1*
ldap_uri
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
lslebodn commented:
"""
There is still the same problem on rhel7 even with the latest version
```
(gdb) l 563
558 return;
559 }
560
561 len = http_parser_execute(&prctx->
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
* master:
82843754193b177275ce16f2901edac2060a3998
2cf7becc05996eb6d8a3352d3d7b97c75652e590
415d93196533a6fcd90889c67396ef5af5bf791a
"""
See the full comment at
ht
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahos
URL: https://github.com/SSSD/sssd/pull/209
Author: sumit-bose
Title: #209: IPA: lookup AD users by certificates on IPA clients
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/209/head:pr209
git checkout pr209
___
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
jhrozek commented:
"""
* master: 1c551b1373799643f3e9ba4f696d21b8fc57dafd
"""
See the full comment at
https://github.com/SSSD/sssd/pull/204#issuecomment-290083552
URL: https://github.com/SSSD/sssd/pull/204
Author: sumit-bose
Title: #204: krb5: return to responder that pkinit is not available
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/204/head:pr204
git checkout pr204
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedora
URL: https://github.com/SSSD/sssd/pull/201
Author: sumit-bose
Title: #201: Fix handling of binary keys in the ssh responder
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/201/head:pr201
git checkout pr201
__
URL: https://github.com/SSSD/sssd/pull/201
Title: #201: Fix handling of binary keys in the ssh responder
Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted
URL: https://github.com/SSSD/sssd/pull/201
Title: #201: Fix handling of binary keys in the ssh responder
jhrozek commented:
"""
* master:
1b5d6b1afc9c3dc696b7b45f2d73b2634f42800a
bd1fa0ec90be717c3b7796d74b6f243f40178d16
"""
See the full comment at
https://github.com/SSSD/sssd/pull/201#issueco
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
anyway, these patches work and we can push them
"""
See the full comment at
https://github.com/SSSD/sssd/pull/209#issuecomment-290081403
__
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorah
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
So then the consumer of the API is expected to iterate over the paths and find
a non-empty attribute? Because the paths from the domains where the user is not
are
URL: https://github.com/SSSD/sssd/pull/187
Author: fidencio
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/187/head:pr187
git che
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sss
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
jhrozek commented:
"""
* master:
16385568547351b5d2c562f3081f35f3341f695b
1e437af958f59a0b8bf2f751d3c2ea28365ac64d
66c8e92eb5a4985bb7f64c349a53b08030a000cf
34
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to s
URL: https://github.com/SSSD/sssd/pull/201
Title: #201: Fix handling of binary keys in the ssh responder
Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahost
URL: https://github.com/SSSD/sssd/pull/201
Title: #201: Fix handling of binary keys in the ssh responder
jhrozek commented:
"""
The code looks good to me and seems to work fine:
```
./sss_ssh_authorizedkeys administra...@win.trust.test
ssh-rsa
B3NzaC1yc2EDAQABAAABAQDyLvhzmsoc5JFiBRFuWHP
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
sumit-bose commented:
"""
It is expected that ListByCertificate returns matches from all domains. So as
long as all the listed users have the certficate in their corresponding user
objec
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedo
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
jhrozek commented:
"""
ok, thanks!
"""
See the full comment at
https://github.com/SSSD/sssd/pull/204#issuecomment-290063709
___
sssd-devel
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
Hmm, looking at the debug output, it might be the cache_req's code fault:
```
(Wed Mar 29 11:30:04 2017) [sssd[ifp]] [cache_req_set_domain] (0x0400): CR #6:
Using d
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
These patches look OK, but I suspect we might have a bug in the IFP list code.
I added a certificate to a user's idview entry and now listing the certificate
shows
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
fidencio commented:
"""
CI: http://sssd-ci.duckdns.org/logs/job/66/41/summary.html
It failed on rhel6 but the failure doesn't seem to be related to these patc
URL: https://github.com/SSSD/sssd/pull/193
Title: #193: UTIL: Use max 15 characters for AD host UPN
Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedora
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
lslebodn commented:
"""
rhel7 error
```
test_secrets.py::test_crd_ops PASSED
test_secrets.py::test_curlwrap_crd_ops FAILED
test_secrets.py::test_curlwrap_parallel PASSED
test_secrets.py::test_contain
URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups
pbrezina commented:
"""
```xml
POSIX domains are reachable by all services.
Application
domains are only reachable from
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
lslebodn commented:
"""
On (29/03/17 01:58), Jakub Hrozek wrote:
>I really don't mind one way or another. I find all the proposed versions of
>the condition complex, that's why I'm gla
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
lslebodn commented:
"""
We should skip secrets test on rhel6.
So the patch "ci: do not build secrets on rhel6" should also contain
```
diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/te
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
pbrezina commented:
"""
I fixed the hang. It was created due to newly added test in KCM patches that
uses POST to create a container. Tcurl test tool can provide body to POST
operation which was ma
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
pbrezina commented:
"""
I'm going to run CI before pushing these patches.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/198#issuecomment-290040911
__
URL: https://github.com/SSSD/sssd/pull/193
Title: #193: UTIL: Use max 15 characters for AD host UPN
mzidek-rh commented:
"""
Hi, I have this on my "to test" list, but could you please add a comment to the
code, why we use exactly 15. It is cleat from the ticket, but in the code the
number is a
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
jhrozek commented:
"""
I really don't mind one way or another. I find all the proposed versions of the
condition complex, that's why I'm glad there is a comment atop them.
So from my
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
fidencio commented:
"""
@lslebodn: your comment has been addressed in the latest patch series.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
lslebodn commented:
"""
The patch "UTIL: Simplify usage of create_subdom_conf_path " did not move
function to right module.
The function `create_subdom_conf_p
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
jhrozek commented:
"""
On Wed, Mar 29, 2017 at 12:29:27AM -0700, lslebodn wrote:
> BTW the 1st patch "tcurl: add support for ssl and raw output" caused a hang
> in test_secrets and therefore interna
URL: https://github.com/SSSD/sssd/pull/201
Title: #201: Fix handling of binary keys in the ssh responder
jhrozek commented:
"""
CI: http://sssd-ci.duckdns.org/logs/job/66/04/summary.html
"""
See the full comment at
https://github.com/SSSD/sssd/pull/201#issuecomment-290007826
__
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
(the machine in CI is broken, not the patches..)
"""
See the full comment at
https://github.com/SSSD/sssd/pull/209#issuecomment-290007734
_
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
I started the review by running CI which passed except rawhide which seems
broken: http://sssd-ci.duckdns.org/logs/job/66/06/summary.html
"""
See the full comment
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
lslebodn commented:
"""
BTW the 1st patch "tcurl: add support for ssl and raw output" caused a hang in
test_secrets and therefore internal CI was blocked whole night. The 2nd patch
"tcurl test: ref
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
fidencio commented:
"""
I'm removing the Accepted label till our internal CI passes
"""
See the full comment at
https://github.com/SSSD/sssd/pull/187#issueco
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to s
58 matches
Mail list logo
