[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-02 Thread MartinBasti via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically MartinBasti commented: """ master: * e8aed2524846f1cff3d09d676675f3b426178f60 ipa-kdb: reload certificate mapping rules periodically ipa-4-5: * d59694a93c3a734915d4ac05bb4e02

[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-02 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically sumit-bose commented: """ > @sumit-bose I got confused by "periodically" in title and "every 5 minutes" > in description. It works as expected. ah, yes, I'm sorry the wording is

[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-02 Thread dkupka via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically dkupka commented: """ @sumit-bose I got confused by "periodically" in title and "every 5 minutes" in description. It works as expected. """ See the full comment at https://gith

[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-01 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically sumit-bose commented: """ @dkupka, the reload only happens during processing the PKINIT request if the rules are older than 5 minutes. It is not a timed event which runs all the

[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-01 Thread dkupka via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically dkupka commented: """ @sumit-bose You're right but then there's a ~6-hour gap where no reload happened. I would expect that there would be one attempt to reload every 5 minutes.

[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-01 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically sumit-bose commented: """ @dkupka, ah, this is a side effect of having multiple workers (3907-3912). The IPA context is not shared between the workers so each will load the certif

[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-01 Thread dkupka via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically dkupka commented: """ @sumit-bose Yes, I added a rule that should allow the user to kinit with certificate. I tried and it worked. Then I modified the rule so it no longer matched

[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-01 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically sumit-bose commented: """ @dkupka, did you modify the rules so that PKINIT should fail or how did you test? I tried to reproduce but according to the logs the rules are reloaded

[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-01 Thread dkupka via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically dkupka commented: """ @sumit-bose Works suspiciously well. I would expect some delay (up to 5 minutes) between modifying the rule and the change being effective but there's none