URL: https://github.com/freeipa/freeipa/pull/5991
Author: sumit-bose
Title: #5991: extdom: return LDAP_NO_SUCH_OBJECT if domains differ
Action: opened
PR body:
"""
If a client sends a request to lookup an object from a given trusted
domain by UID or GID and an object with matching ID is only
URL: https://github.com/freeipa/freeipa/pull/4015
Author: sumit-bose
Title: #4015: ipa-kdd: Remove keys password auth is disabled
Action: opened
PR body:
"""
With commit 15ff9c8 a check was removed and as a result Kerberos keys
are unconditionally added to the user entry struct if they are
URL: https://github.com/freeipa/freeipa/pull/3542
Author: sumit-bose
Title: #3542: extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT
Action: opened
PR body:
"""
A return code LDAP_NO_SUCH_OBJECT will tell SSSD on the IPA client to
remove the searched object from the cache. As a
URL: https://github.com/freeipa/freeipa/pull/2891
Author: sumit-bose
Title: #2891: ipa-extdom-exop: add instance counter and limit
Action: opened
PR body:
"""
The user and group lookups done by the extdom plugin might need some
time depending on the state of the service (typically SSSD)
URL: https://github.com/freeipa/freeipa/pull/2846
Author: sumit-bose
Title: #2846: ipa_sam: remove dependency to talloc_strackframe.h
Action: opened
PR body:
"""
Recent Samba versions removed some header files which did include
non-public APIs. As a result talloc_strackframe.h and memory.h
URL: https://github.com/freeipa/freeipa/pull/1537
Author: sumit-bose
Title: #1537: ipa-kdb: use magic value to check if ipadb is used
Action: opened
PR body:
"""
The certauth plugin is configured in /etc/krb5.conf independently form
the database module. As a result the IPA certauth plugin can
URL: https://github.com/freeipa/freeipa/pull/1529
Author: sumit-bose
Title: #1529: ipa-kdb: update trust information in all workers
Action: opened
PR body:
"""
Currently there is already code to make sure that after trust is established an
AS-REQ of the local HTTP principal causes a refresh
Hi,
please find attached a small python class (generated with asn1ate) which
might help to generate the needed data to send a request to the extdom
plugin directly. This might be useful to write tests.
To generate the base64 encoded data needed e.g. for the ldapexop command
I used:
from
URL: https://github.com/freeipa/freeipa/pull/1115
Author: sumit-bose
Title: #1115: ipa-kdb: reinit trusted domain data for enterprise principals
Action: opened
PR body:
"""
While processing enterprise principals the information about trusted domains
might not be up-to-date. With this patch
URL: https://github.com/freeipa/freeipa/pull/879
Title: #879: FIPS mode and NT hashes
sumit-bose commented:
"""
I just pushed a new version which include the upstream ticket reference in the
commit message, there are no changes to the code.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/879
Author: sumit-bose
Title: #879: FIPS mode and NT hashes
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/879/head:pr879
git checkout pr879
From
URL: https://github.com/freeipa/freeipa/pull/879
Author: sumit-bose
Title: #879: FIPS mode and NT hashes
Action: opened
PR body:
"""
In FIPS mode NT hashes (aka md4) are not allowed. If FIPS more is detected we
disable NT hashes in the password plugin even is they are allowed by IPA
URL: https://github.com/freeipa/freeipa/pull/823
Title: #823: ipa-kdb: reload certificate mapping rules periodically
sumit-bose commented:
"""
> @sumit-bose I got confused by "periodically" in title and "every 5 minutes"
> in description. It works as expected.
ah, yes, I'm sorry the wording
URL: https://github.com/freeipa/freeipa/pull/823
Title: #823: ipa-kdb: reload certificate mapping rules periodically
sumit-bose commented:
"""
@dkupka, the reload only happens during processing the PKINIT request if the
rules are older than 5 minutes. It is not a timed event which runs all the
URL: https://github.com/freeipa/freeipa/pull/823
Title: #823: ipa-kdb: reload certificate mapping rules periodically
sumit-bose commented:
"""
@dkupka, ah, this is a side effect of having multiple workers (3907-3912). The
IPA context is not share between the workers so each will load the
URL: https://github.com/freeipa/freeipa/pull/823
Author: sumit-bose
Title: #823: ipa-kdb: reload certificate mapping rules periodically
Action: opened
PR body:
"""
With this patch the certificate mapping rules are reloaded every 5
minutes.
Resolves https://pagure.io/freeipa/issue/6963
"""
16 matches
Mail list logo