Re: [Freeipa-devel] [PATCH 0057] Don't show part of warning containing --force-ntpd in replica install

On 3.8.2016 19:39, Martin Basti wrote: On 03.08.2016 18:10, Petr Vobornik wrote: On 07/13/2016 12:36 PM, Stanislav Laznicka wrote: On 07/13/2016 09:51 AM, Petr Vobornik wrote: On 07/13/2016 08:26 AM, Stanislav Laznicka wrote: On 07/12/2016 08:44 AM, Stanislav Laznicka wrote: On 07/11/2016

Re: [Freeipa-devel] Broken IPA installations on F24

On Wed, Aug 03, 2016 at 02:17:30PM +0200, Martin Basti wrote: > Hello all, > > > update resteasy-*-3.0.17 from updates-testing prevents IPA (PKI CA) to be > installed on f24, > > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA > instance: Command '/usr/sbin/pkispawn

Re: [Freeipa-devel] [PATCH 0153] Fix ipa-replica-prepare's error message about missing local CA instanc

On 08/01/2016 11:38 AM, Petr Spacek wrote: Hello, Fix ipa-replica-prepare's error message about missing local CA instance ipa-replica-prepare must be run on a replica with CA or all the certs needs to be provided (for CA-less case). The old messages were utterly confusing because they mixed

Re: [Freeipa-devel] Broken IPA installations on F24

On (03/08/16 14:17), Martin Basti wrote: >Hello all, > > >update resteasy-*-3.0.17 from updates-testing prevents IPA (PKI CA) to be >installed on f24, > >ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA >instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpEQulGP'

Re: [Freeipa-devel] [PATCH 0153] Fix ipa-replica-prepare's error message about missing local CA instanc

On 01.08.2016 17:38, Petr Spacek wrote: Hello, Fix ipa-replica-prepare's error message about missing local CA instance ipa-replica-prepare must be run on a replica with CA or all the certs needs to be provided (for CA-less case). The old messages were utterly confusing because they mixed

Re: [Freeipa-devel] [PATCH 0032] Secure permission and cleanup Custodia server.keys

On 03.08.2016 19:18, Martin Basti wrote: On 02.08.2016 20:02, Christian Heimes wrote: On 2016-07-19 17:03, Martin Basti wrote: On 12.07.2016 16:45, Christian Heimes wrote: Custodia's server.keys file contain the private RSA keys for encrypting and signing Custodia messages. The file was

Re: [Freeipa-devel] [PATCH 0057] Don't show part of warning containing --force-ntpd in replica install

On 03.08.2016 18:10, Petr Vobornik wrote: On 07/13/2016 12:36 PM, Stanislav Laznicka wrote: On 07/13/2016 09:51 AM, Petr Vobornik wrote: On 07/13/2016 08:26 AM, Stanislav Laznicka wrote: On 07/12/2016 08:44 AM, Stanislav Laznicka wrote: On 07/11/2016 04:27 PM, Petr Vobornik wrote: On

Re: [Freeipa-devel] [PATCH 031] RedHatCAService should wait for local Dogtag instance

On 03.08.2016 13:42, Christian Heimes wrote: On 2016-07-07 14:54, Martin Basti wrote: Patch needs changes in ipa-4-3 branch Here are patches for master and ipa-4-3 branch. I have rebased both patches to head. Christian ACK master: * 1de92b13266b7ac748581f963d8fe7bdb87d1563

Re: [Freeipa-devel] [PATCH 0032] Secure permission and cleanup Custodia server.keys

On 02.08.2016 20:02, Christian Heimes wrote: On 2016-07-19 17:03, Martin Basti wrote: On 12.07.2016 16:45, Christian Heimes wrote: Custodia's server.keys file contain the private RSA keys for encrypting and signing Custodia messages. The file was created with permission 644 and is only

Re: [Freeipa-devel] [PATCH 0057] Don't show part of warning containing --force-ntpd in replica install

On 07/13/2016 12:36 PM, Stanislav Laznicka wrote: > On 07/13/2016 09:51 AM, Petr Vobornik wrote: >> On 07/13/2016 08:26 AM, Stanislav Laznicka wrote: >>> On 07/12/2016 08:44 AM, Stanislav Laznicka wrote: On 07/11/2016 04:27 PM, Petr Vobornik wrote: > On 07/11/2016 01:23 PM, Stanislav

Re: [Freeipa-devel] [PATCH 0112-7] Speeding up cli help

On 3.8.2016 16:23, David Kupka wrote: On 21/07/16 10:12, Jan Cholasta wrote: Hi, On 20.7.2016 14:32, David Kupka wrote: On 15/07/16 12:53, David Kupka wrote: Hello! After Honza introduced thin client that builds plugins and commands dynamically from schema client became much slower. This is

Re: [Freeipa-devel] [PATCH 0112-7] Speeding up cli help

On 21/07/16 10:12, Jan Cholasta wrote: Hi, On 20.7.2016 14:32, David Kupka wrote: On 15/07/16 12:53, David Kupka wrote: Hello! After Honza introduced thin client that builds plugins and commands dynamically from schema client became much slower. This is only logical, instead of importing a

Re: [Freeipa-devel] certmonger proxy configuration not possible ?

Marx, Peter wrote: Hi, i have to access an external PKI server with SCEP protocol through our corporate proxy. On command line I can set the proxy and trigger a CSR with the scep-submit helper successfully. What are you setting, environment variables I assume? But same operation with

Re: [Freeipa-devel] [PATCH 0559] Increase default length of auto-generated passwords

On 29.07.2016 18:19, Alexander Bokovoy wrote: On Fri, 29 Jul 2016, Martin Basti wrote: On 29.07.2016 17:09, Alexander Bokovoy wrote: > On Fri, 29 Jul 2016, Martin Basti wrote: > > https://fedorahosted.org/freeipa/ticket/6116 > > > > > > Patch attached > > > > > From

Re: [Freeipa-devel] [Test][Patch-0051] Fixed import error in replica promotion test

On 03.08.2016 11:55, Oleg Fayans wrote: Hi Martin, The commit message was extended. Thanks for the review! On 08/03/2016 10:36 AM, Martin Basti wrote: On 03.08.2016 09:55, Oleg Fayans wrote: ping for review On 06/28/2016 04:01 PM, Oleg Fayans wrote: ACK, if you improve commit

Re: [Freeipa-devel] [PATCH 0004-0012] Automatic CSR generation

On 08/01/2016 11:57 PM, Fraser Tweedale wrote: On Fri, Jul 29, 2016 at 11:13:16AM -0400, Ben Lipton wrote: On 07/29/2016 09:39 AM, Petr Spacek wrote: On 27.7.2016 19:06, Ben Lipton wrote: Hi all, I think the automatic CSR generation feature (https://fedorahosted.org/freeipa/ticket/4899,

Re: [Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

Hi Martin, Thanks for the review! Both patches were updated. On 07/28/2016 04:11 PM, Martin Basti wrote: On 08.07.2016 15:41, Oleg Fayans wrote: Hi Martin, Thanks for the review! On 07/08/2016 02:18 PM, Martin Basti wrote: On 27.06.2016 13:53, Oleg Fayans wrote: Hi guys, Is there a

[Freeipa-devel] Broken IPA installations on F24

Hello all, update resteasy-*-3.0.17 from updates-testing prevents IPA (PKI CA) to be installed on f24, ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpEQulGP' returned non-zero exit status 1

[Freeipa-devel] [PATCH 0114] vault: Catch correct exception in decrypt

Pushed under one-liner rule, attaching path for reference. Pushed to master: 8ab0ad5b9ef59eca7b25a150baeb4a9bf8faa582 -- David Kupka From bf61c2549ae98869ee9faaf808491b5a21af813d Mon Sep 17 00:00:00 2001 From: David Kupka Date: Wed, 3 Aug 2016 10:35:40 +0200 Subject: [PATCH]

Re: [Freeipa-devel] [PATCH 031] RedHatCAService should wait for local Dogtag instance

On 2016-07-07 14:54, Martin Basti wrote: > Patch needs changes in ipa-4-3 branch Here are patches for master and ipa-4-3 branch. I have rebased both patches to head. Christian From e3a99ef8a6245d6e1bca22b3b0cede5d2ff608e8 Mon Sep 17 00:00:00 2001 From: Christian Heimes

[Freeipa-devel] certmonger proxy configuration not possible ?

Hi, i have to access an external PKI server with SCEP protocol through our corporate proxy. On command line I can set the proxy and trigger a CSR with the scep-submit helper successfully. But same operation with getcert fails, as there is no proxy configuration possibility in e.g.

Re: [Freeipa-devel] [Test][Patch-0051] Fixed import error in replica promotion test

Hi Martin, The commit message was extended. Thanks for the review! On 08/03/2016 10:36 AM, Martin Basti wrote: On 03.08.2016 09:55, Oleg Fayans wrote: ping for review On 06/28/2016 04:01 PM, Oleg Fayans wrote: ACK, if you improve commit messages -- Oleg Fayans Quality Engineer

Re: [Freeipa-devel] [Test][Patch-0051] Fixed import error in replica promotion test

On 03.08.2016 09:55, Oleg Fayans wrote: ping for review On 06/28/2016 04:01 PM, Oleg Fayans wrote: ACK, if you improve commit messages -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] [Test][Patch-0051] Fixed import error in replica promotion test

ping for review On 06/28/2016 04:01 PM, Oleg Fayans wrote: -- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] [PATCH] 0001 Added new authentication method

On Wed, 03 Aug 2016, Jan Pazdziora wrote: On Tue, Aug 02, 2016 at 05:57:38PM +0300, Alexander Bokovoy wrote: On Mon, 01 Aug 2016, Rob Crittenden wrote: > > How/where does the UI get a Kerberos ticket for the user? That's indeed a problem -- even with the PKINIT support in KDC that Simo is

Re: [Freeipa-devel] [PATCH] 0001 Added new authentication method

On Tue, Aug 02, 2016 at 05:57:38PM +0300, Alexander Bokovoy wrote: > On Mon, 01 Aug 2016, Rob Crittenden wrote: > > > > How/where does the UI get a Kerberos ticket for the user? > That's indeed a problem -- even with the PKINIT support in KDC that Simo > is polishing up now, we don't have a way