On 01.07.2016 09:25, Martin Babinsky wrote:
On 06/30/2016 11:17 PM, David Kupka wrote:
On 28/06/16 20:08, Martin Babinsky wrote:
On 06/24/2016 09:52 AM, Martin Babinsky wrote:
Hi list,

I am furiously working on tickets related to the proper support and API
for managing kerberos principal aliases for hosts, users, and

To better track and comment on my progress, I have forked freeipa on git
and created a branch for you to test and review. The link is here:


Please be aware that I may force-push into the branch without warning
when fixing issues we will discover during testing/review.

[1] http://www.freeipa.org/page/V4/Kerberos_principal_aliases
[2] https://fedorahosted.org/freeipa/ticket/3864
[3] https://fedorahosted.org/freeipa/ticket/3961
[4] https://fedorahosted.org/freeipa/ticket/1365
[5] https://fedorahosted.org/freeipa/ticket/5413

Based on Jan's suggestions I have reworked the code substantially and
force-pushed it into the github branch. Please review.


I have gone through the code and tested the functionality in basic use
cases (server-install, upgrade, replica-install, adding/removing
principals, getting ticket with alias, ...). Code looks good to me and
everything* seems to work smoothly.

condACK, if Pavel or Petr^1 (or anyone else who tried this) don't report
any issue really soon.

*except for https://fedorahosted.org/freeipa/ticket/6017

Thanks, David.

here are the reviewed patches rebased on the most current master. If no one objects I suggest to push them.

* de6abc7af2dac7994b0fff4396115320d1a9a54d ipapython module for Kerberos principal manipulation and parsing * e6fc8f84d3ad5fc4c030ad592a3d743c02393439 Test suite for `ipapython/kerberos.py` * 974eb7b5efd20ad2195b0ad578637ab31f4c1df4 ipalib: introduce Principal parameter * c2af032c0333f7e210c54369159d1d9f5e3fec74 Migrate management framework plugins to use Principal parameter * d1517482b5e9508780087ec48be63a5bb531fed9 Add ACI for admins to modify principal attributes * 7e803aa4625869ef6a8e78a09cd99270c4cc77e5 replace an ACI relying on presence of deprecated objectclass * 750a392fe22aa8ddcb21077e8c24b96d36ecf20c Allow for commands that use positional parameters to add/remove attributes * a28d312796839e3413c98ee37d34ccc892e85357 Make framework consider krbcanonicalname as service primary key * e6ff83e3610d553f6ff98e3adbfbe3c6984b2f17 Provide API for management of host, service, and user principal aliases * acf2234ebc8609a35a8f45598d5d817cbdbff121 Unify display of principal names/aliases across entities

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to