Re: [Freeipa-devel] [DESIGN] Thin client

On 26.4.2016 18:12, Petr Vobornik wrote: On 04/26/2016 12:28 PM, Jan Cholasta wrote: Hi, see for initial design of the Thin client feature. The API compatibility part of the design is work in progress (by me), as is the client side caching part (by

[Freeipa-devel] [PATCH 0102] DNS: Fix upgrade - master to forward zone transformatio

Hello, DNS: Fix upgrade - master to forward zone transformation This happens when upgrading from IPA <= 4.0 to versions 4.3+. DNS caching might cause false positive in code which replaces master zone with forward zone. This will effectivelly delete the master zone without adding a replacement

Re: [Freeipa-devel] [PATCH] 0001 ipa_kdb add krbPrincipalAuthInd handling

On 04/26, Sumit Bose wrote: > On Thu, Apr 14, 2016 at 12:59:55PM -0400, Matt Rogers wrote: > > > > > > - Original Message - > > > From: "Nathaniel McCallum" > > > To: "Matt Rogers" , freeipa-devel@redhat.com > > > Sent: Thursday, April 14, 2016

Re: [Freeipa-devel] [DESIGN] Thin client

On 04/26/2016 12:28 PM, Jan Cholasta wrote: > Hi, > > see for initial design of > the Thin client feature. The API compatibility part of the design is > work in progress (by me), as is the client side caching part (by David). > > Big thanks to David

Re: [Freeipa-devel] [PATCH] Added warning to user for Internet Explorer

Pavel Vomacka wrote: On 04/25/2016 01:00 PM, Abhijeet Kasurde wrote: Hi All, Please review the attached patch. Thanks, Abhijeet Kasurde Hi, thank you for the patch, ACK. I would add an "a" and change it to "Internet Explorer is no longer a supported browser." rob -- Manage your

Re: [Freeipa-devel] [PATCH] Added warning to user for Internet Explorer

On 04/25/2016 01:00 PM, Abhijeet Kasurde wrote: Hi All, Please review the attached patch. Thanks, Abhijeet Kasurde Hi, thank you for the patch, ACK. -- Pavel^3 Vomacka -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 0018-0030 webui: add support for more certificates

Self-NACK for patches 0027, 28, 29, 30 - used incorrect policy. I also attach all patches which were not changed - it is easier to get the whole patchset. On 04/26/2016 02:02 PM, Pavel Vomacka wrote: I forgot to mention that my patches requires patches from :

Re: [Freeipa-devel] URI in HBAC

On 26.4.2016 15:16, Jan Pazdziora wrote: > On Tue, Apr 26, 2016 at 02:16:54PM +0200, Petr Spacek wrote: * For backwards compatibility, lack of URI in request means any URI is matched (as described in the design document). Is it a good idea? Any other solution? >>> >>> For other

[Freeipa-devel] More Python 3 fixes

Hello, Here are two patches for problems with using IPA with Python 3. -- Petr Viktorin From aad8a7ea093e8aaf0d50f395ff0e0d7038fe55ff Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Tue, 26 Apr 2016 14:59:35 +0200 Subject: [PATCH] dns plugin: Fix zone normalization

Re: [Freeipa-devel] URI in HBAC

On Tue, Apr 26, 2016 at 02:16:54PM +0200, Petr Spacek wrote: > >> > >> * For backwards compatibility, lack of URI in request means any URI is > >> matched (as described in the design document). Is it a good idea? Any > >> other solution? > > > > For other attributes in HBAC rules, the lack of a

Re: [Freeipa-devel] [PATCH] 0001 ipa_kdb add krbPrincipalAuthInd handling

On Thu, Apr 14, 2016 at 12:59:55PM -0400, Matt Rogers wrote: > > > - Original Message - > > From: "Nathaniel McCallum" > > To: "Matt Rogers" , freeipa-devel@redhat.com > > Sent: Thursday, April 14, 2016 10:32:15 AM > > Subject: Re:

Re: [Freeipa-devel] [PATCH 0463] Performance: do not download password attributes in host/find-user command

On 22.04.2016 13:21, David Kupka wrote: On 22/04/16 10:58, Martin Basti wrote: On 21.04.2016 09:17, Martin Basti wrote: On 20.04.2016 16:57, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5281 Patch attached. selfNACK Updated patch attached. Works for me, ACK.

Re: [Freeipa-devel] URI in HBAC

On 26.4.2016 12:57, Jan Cholasta wrote: > Hi, > > On 25.4.2016 14:48, Lukáš Hellebrandt wrote: >> http://www.freeipa.org/page/V4/URI-based_HBAC >> >> I have made some important changes to the design document of this >> proposed feature. The difference is mainly changing regular expression >>

Re: [Freeipa-devel] [PATCHES 0464-0468] always set hostname during installation

On 26.04.2016 08:32, David Kupka wrote: On 22/04/16 12:48, Martin Basti wrote: On 20.04.2016 17:49, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5794 It requires my patch 441.2 Patches attached. Rebased patches attached, 441 has been pushed Martin^2 Thanks for

Re: [Freeipa-devel] [DESIGN] Thin client

On 26.4.2016 13:26, Petr Spacek wrote: On 26.4.2016 12:28, Jan Cholasta wrote: Hi, see for initial design of the Thin client feature. The API compatibility part of the design is work in progress (by me), as is the client side caching part (by

Re: [Freeipa-devel] [PATCH 0439] Do not do extra search for ipasshpubkey

On 22.04.2016 15:38, Stanislav Laznicka wrote: Seems to work as expected. Nitpick: feel free to fix the typo in the commit message: behavioar. ACK nonetheless. Standa forgot to sent ACK on list :), please note that ACK is here - Typo fixed Pushed to master:

[Freeipa-devel] [PATCH] 0018-0030 webui: add support for more certificates

Hello, the attached patches add support for more certificates and ability to add and remove certificates. Fixes these two tickets: https://fedorahosted.org/freeipa/ticket/5108 https://fedorahosted.org/freeipa/ticket/5381 These patches add ability to view, get, download, revoke, restore and

Re: [Freeipa-devel] [DESIGN] Thin client

On 26.4.2016 12:28, Jan Cholasta wrote: > Hi, > > see for initial design of the > Thin client feature. The API compatibility part of the design is work in > progress (by me), as is the client side caching part (by David). > > Big thanks to David for

Re: [Freeipa-devel] URI in HBAC

Hi, On 25.4.2016 14:48, Lukáš Hellebrandt wrote: http://www.freeipa.org/page/V4/URI-based_HBAC I have made some important changes to the design document of this proposed feature. The difference is mainly changing regular expression interpretation of URI to longest-prefix matching. This change

[Freeipa-devel] [DESIGN] Thin client

Hi, see for initial design of the Thin client feature. The API compatibility part of the design is work in progress (by me), as is the client side caching part (by David). Big thanks to David for actually writing most of the text in the design

Re: [Freeipa-devel] [PATCH 0095-0098] NTP: use augeas, configure chronyd, do not overwrite config

On 26.4.2016 10:09, David Kupka wrote: > diff --git a/ipapython/configfile.py b/ipapython/configfile.py > new file mode 100644 > index > ..b48a9eae97dc4c1b19d6ae7e961ce701a4a36ed7 > --- /dev/null > +++ b/ipapython/configfile.py NACK, I think that Augeas

Re: [Freeipa-devel] Possble FreeIPA Trac Malicious Link

On 25/04/16 15:32, Gabe Alford wrote: Hey all, This is something we may need to watch for. I noticed that a possible malicious link was added to the FreeIPA Trac start page. You can view it here: https://fedorahosted.org/freeipa/wiki/WikiStart?action=diff=22. I changed it back to the original

Re: [Freeipa-devel] [PATCH 0095-0098] NTP: use augeas, configure chronyd, do not overwrite config

On 14/03/16 14:01, Martin Basti wrote: On 14.03.2016 13:46, Martin Babinsky wrote: On 03/11/2016 09:16 AM, David Kupka wrote: Current version (0.5.0) of python-augeas is missing copy() method. Use dkupka/python-augeas copr repo before new version it's build and available in the official

Re: [Freeipa-devel] [PATCH] 0053..0054 Configure lightweight CA key replication

On 21.4.2016 05:30, Fraser Tweedale wrote: On Thu, Apr 14, 2016 at 04:39:37PM +1000, Fraser Tweedale wrote: Hi all, The attached patches configure lightweight CA key replication on IPA CAs, on upgrade and installation. Patches 0051..0052 from my other mail are also needed for the system to

Re: [Freeipa-devel] [PATCH] 0051 Allow CustodiaClient to be used by arbitrary principals

On 25.4.2016 07:55, Jan Cholasta wrote: Hi, On 20.4.2016 08:22, Fraser Tweedale wrote: On Mon, Apr 18, 2016 at 03:44:08PM -0400, Simo Sorce wrote: On Thu, 2016-04-14 at 16:33 +1000, Fraser Tweedale wrote: On Wed, Apr 13, 2016 at 11:15:50AM +1000, Fraser Tweedale wrote: On Tue, Apr 12, 2016

Re: [Freeipa-devel] [PATCHES 0464-0468] always set hostname during installation

On 22/04/16 12:48, Martin Basti wrote: On 20.04.2016 17:49, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5794 It requires my patch 441.2 Patches attached. Rebased patches attached, 441 has been pushed Martin^2 Thanks for patch set. Works for me, ACK. -- David Kupka