In your descriptions, can you translate all acronyms according to:
http://www.cryptsoft.com/pkcs11doc/v220/group__SEC__5__SYMBOLS__AND__ABBREVIATIONS.html
...and...
http://www.cryptsoft.com/pkcs11doc/v220/group__SEC__10__2__COMMON__ATTRIBUTES.html
E.g., instead of saying " pkcs11certificateCatego
I'm running FreeIPA 3.2.0 Beta 1 in Fedora 19 Alpha, and I'm running oVirt
3.3.0 pre-Beta in Fedora 18.
In order to get oVirt's JGSS crap to work with FreeIPA, I had to change
nsslapd-minssf to 1 (apparently a known issue right now in OpenJDK). But
this setting seems to break ipa CLI, and when I c
> Did you restart all IPA services including KDC after you changed the minssf?
Yes, tried many combinations of restarts and reboots trying to undo the
breakage.
I found a similar thread on here ("sudden ipa errors") where someone spent a
lot of time debugging when suddenly RH support came back
also turned on DNS
for my domain, but everything in DNS should match what I started out with
in /etc/hosts... Let me read what the install script is expecting here...
brb
On Tue, May 7, 2013 at 10:04 PM, Derek Moore wrote:
>
> > Did you restart all IPA services including KDC after you chan
Setting /etc/hostname manually and several restarts and reboots later, I
finally got the install to work (mostly) properly again last night.
But I still cannot get the XML-RPC server to function properly, the end of
the install script fails on /usr/sbin/ipa-client-install:
ipalib.errors.Network
e able to make meaningful
contributions as I become more familiar with this complex integration
product.
Thanks!
Derek
On Wed, May 8, 2013 at 2:15 PM, Rob Crittenden wrote:
> Derek Moore wrote:
>
>> Setting /etc/hostname manually and several restarts and reboots later, I
>&
asn't working).
Thanks again for the help, both of you!
On Wed, May 8, 2013 at 4:24 PM, Derek Moore wrote:
> Hey, that did it! You're the man!
>
> I didn't have to downgrade openldap, just changed /etc/openldap/ldap.conf
> to "SASL_NOCANON off". This allow
As someone who has fought with using/modifying/QA'ing unstable FreeIPA
installers from the nightly repos, I wholeheartedly second this motion!
Make sure the oVirt guys get wind of this idea also! ;)
PS: semi-related note — Can FreeIPA be made to consume the CSR that results
from the ovirt-host-de
lp making otopi
more sane.
On Thursday, November 14, 2013, Derek Moore wrote:
> As someone who has fought with using/modifying/QA'ing unstable FreeIPA
> installers from the nightly repos, I wholeheartedly second this motion!
>
> Make sure the oVirt guys get wind of this idea also! ;)
>
> Practically though, I think an idempotent installer opens a lot of cans of
> worms. Do we limit some answers to their original? Take for instance the
> REALM. Can someone change it on-the-fly? It would have some deep
> repercussions. Similarly, changing the hostname. There are all kinds of
> co
Is there an opportunity to also bring in OpenShift Origin, in particular
Broker, which also uses its own BIND with dyndb and/or nsupdate?
Maybe they don't care as much since they use a limited subset of BIND only
for namespace and app subdomains.
Knot DNS looks cool, hadn't heard of these guys ye
ed fixes into
> the MIT Kerberos V project for problems that have been know about for over
> a decade which in the past were declared as limitations rather than bugs
> by its original developers. While I still do firmly believe Heimdal
> Kerberos is a far superior Kerberos server for
iness hours oriented, which is when I'm usually working and not
tinkering on the fun stuff.
On Wednesday, November 20, 2013, Petr Spacek wrote:
> On 15.11.2013 18:30, Derek Moore wrote:
>
>> Is there an opportunity to also bring in OpenShift Origin, in particular
>> Broker,
re.
I don't see Mark Llama on the mailing list, so you might have to go to IRC
to catch him.
On Wed, Nov 20, 2013 at 8:26 AM, Dmitri Pal wrote:
> On 11/20/2013 09:15 AM, Derek Moore wrote:
>
> Perhaps whoever wrote these: ?
>
>
> http://www.freeipa.org/page/OpenShift_Br
>
> I don't see Mark Llama on the mailing list, so you might have to go to IRC
> to catch him.
>
Correction: I was taking Mark's username/handle too literally, he is:
Mark Lamourine
and he's active on their dev mailing list.
___
Freeipa-devel mailing
15 matches
Mail list logo
