[Freeipa-devel] [freeipa PR#508][+ack] Fix ipa.service unit re. gssproxy

2017-02-24 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#508][comment] Fix ipa.service unit re. gssproxy

2017-02-24 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy abbra commented: """ LGTM. Thank you for finding and fixing this issue. """ See the full comment at https://github.com/freeipa/freeipa/pull/508#issuecomment-282467859

[Freeipa-devel] [freeipa PR#508][opened] Fix ipa.service unit re. gssproxy

2017-02-24 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/508 Author: flo-renaud Title: #508: Fix ipa.service unit re. gssproxy Action: opened PR body: """ ipa.service unit defines Requires=gssproxy. Because of this, during ipa-server-upgrade, the restart of gssproxy triggers a restart of ipa unit (hence s

Re: [Freeipa-devel] Adding a User-Managed YubiKey Hardware Token valueerror: no backend available

2017-02-24 Thread Alexander Bokovoy
On Fri, 24 Feb 2017, Oucema Bellagha wrote: while I'm trying to add an ipa token to freeipa server: ipa otptoken-add-yubikey --slot=2 I got the following error: ipa: ERROR: non-public: ValueError: No backend available Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/i

[Freeipa-devel] Adding a User-Managed YubiKey Hardware Token valueerror: no backend available

2017-02-24 Thread Oucema Bellagha
while I'm trying to add an ipa token to freeipa server: ipa otptoken-add-yubikey --slot=2 I got the following error: ipa: ERROR: non-public: ValueError: No backend available Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 137, in execute r

[Freeipa-devel] [freeipa PR#479][+ack] Merge AD trust installer into composite ones

2017-02-24 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones Label: +ack

[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones

2017-02-24 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones MartinBasti commented: """ Works for me, except, ipa-server-install --setup-adtrust works even without freeipa-server-trust-ad package. Please fix this in a new PR in way how DNS is done

[Freeipa-devel] [freeipa PR#506][comment] Use IPA CA cert in Custodia secrets client

2017-02-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: Use IPA CA cert in Custodia secrets client simo5 commented: """ Works for me. """ See the full comment at https://github.com/freeipa/freeipa/pull/506#issuecomment-282282986

[Freeipa-devel] [freeipa PR#507][comment] Use https to get security domain from Dogtag

2017-02-24 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/507 Title: #507: Use https to get security domain from Dogtag tiran commented: """ The patch hardens the installer a bit. It would be a good idea to backport the patch to 4.4. It's not critical since it's a read operation on localhost. """ See the

[Freeipa-devel] [freeipa PR#507][comment] Use https to get security domain from Dogtag

2017-02-24 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/507 Title: #507: Use https to get security domain from Dogtag pvoborni commented: """ I.e. I want to know if something needs to be or should be backported. """ See the full comment at https://github.com/freeipa/freeipa/pull/507#issuecomment-2822810

[Freeipa-devel] [freeipa PR#507][comment] Use https to get security domain from Dogtag

2017-02-24 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/507 Title: #507: Use https to get security domain from Dogtag pvoborni commented: """ What is a context of this patch? Is something broken only in master. Or also 4.4, Fedora, RHEL,...? """ See the full comment at https://github.com/freeipa/freeipa

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-02-24 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA stlaz commented: """ The issues from the previous build should be resolved now, can be reviewed, hopefully the build passes. """ See the full comment at https://github.com/freeipa/freeipa/pull/367#issuecommen

[Freeipa-devel] [freeipa PR#506][edited] Use IPA CA cert in Custodia secrets client

2017-02-24 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/506 Author: tscherf Title: #506: Use IPA CA cert in Custodia secrets client Action: edited Changed field: title Original value: """ added ssl verification """

[Freeipa-devel] [freeipa PR#507][opened] Use https to get security domain from Dogtag

2017-02-24 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/507 Author: tiran Title: #507: Use https to get security domain from Dogtag Action: opened PR body: """ Signed-off-by: Christian Heimes """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreei

[Freeipa-devel] [freeipa PR#506][comment] added ssl verification

2017-02-24 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: added ssl verification tiran commented: """ LGTM, but I want @simo5 to give the final ACK. Since Custodia is only used during replica installation on an enrolled system, ipa-client-install has already provided the certificate. I don

[Freeipa-devel] [freeipa PR#504][synchronized] Add SHA256 fingerprints

2017-02-24 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/504 Author: tomaskrizek Title: #504: Add SHA256 fingerprints Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/504/head:pr504 git checkout pr504 From 6664a947ad920

[Freeipa-devel] [freeipa PR#506][synchronized] added ssl verification

2017-02-24 Thread tscherf
URL: https://github.com/freeipa/freeipa/pull/506 Author: tscherf Title: #506: added ssl verification Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/506/head:pr506 git checkout pr506 From ad8017a44cc9775f8e

[Freeipa-devel] [freeipa PR#506][comment] added ssl verification

2017-02-24 Thread tscherf
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: added ssl verification tscherf commented: """ Sorry, closed this by mistake. """ See the full comment at https://github.com/freeipa/freeipa/pull/506#issuecomment-282263664

[Freeipa-devel] [freeipa PR#506][reopened] added ssl verification

2017-02-24 Thread tscherf
URL: https://github.com/freeipa/freeipa/pull/506 Author: tscherf Title: #506: added ssl verification Action: reopened To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/506/head:pr506 git checkout pr506

[Freeipa-devel] [freeipa PR#506][synchronized] added ssl verification

2017-02-24 Thread tscherf
URL: https://github.com/freeipa/freeipa/pull/506 Author: tscherf Title: #506: added ssl verification Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/506/head:pr506 git checkout pr506

[Freeipa-devel] [freeipa PR#506][closed] added ssl verification

2017-02-24 Thread tscherf
URL: https://github.com/freeipa/freeipa/pull/506 Author: tscherf Title: #506: added ssl verification Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/506/head:pr506 git checkout pr506

[Freeipa-devel] [freeipa PR#506][comment] added ssl verification

2017-02-24 Thread tscherf
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: added ssl verification tscherf commented: """ When the system wide trust store is supposed to be used here, then something else must be broken somewhere in the verification code. Without explicitly using the IPA trust anchor stored

[Freeipa-devel] [freeipa PR#506][comment] added ssl verification

2017-02-24 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: added ssl verification tiran commented: """ Please change the title of the commit, too. It implies that we did not verify certs in the past. In the future please don't call the system trust store a random collection of CAs. It's

[Freeipa-devel] [freeipa PR#506][synchronized] added ssl verification

2017-02-24 Thread tscherf
URL: https://github.com/freeipa/freeipa/pull/506 Author: tscherf Title: #506: added ssl verification Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/506/head:pr506 git checkout pr506 From 051af0fda6e38d6c80

[Freeipa-devel] [freeipa PR#506][comment] added ssl verification

2017-02-24 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: added ssl verification HonzaCholasta commented: """ We don't want to trust certificates issued by random internet CAs, this is how it should have been from the beginning. A commit message would be nice though. @tscherf, please add t

[Freeipa-devel] [freeipa PR#506][comment] added ssl verification

2017-02-24 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: added ssl verification tiran commented: """ Why do you propose to change the settings? By default python-requests enforces certificate validation. Without additional settings, it uses the system trust store. The IPA root CA is injec

[Freeipa-devel] [freeipa PR#506][opened] added ssl verification

2017-02-24 Thread tscherf
URL: https://github.com/freeipa/freeipa/pull/506 Author: tscherf Title: #506: added ssl verification Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/506/head:pr506 git checkout pr506 From 05b8e

[Freeipa-devel] [freeipa PR#505][opened] dns: fix `dnsrecord_add` interactive mode

2017-02-24 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/505 Author: HonzaCholasta Title: #505: dns: fix `dnsrecord_add` interactive mode Action: opened PR body: """ `dnsrecord_add` interactive mode might prompt for value of non-existent arguments `a_part_create_reverse` and `_part_create_reverse`. Th

[Freeipa-devel] [freeipa PR#503][comment] [WIP] Update testcase for cert plugin

2017-02-24 Thread Akasurde
URL: https://github.com/freeipa/freeipa/pull/503 Title: #503: [WIP] Update testcase for cert plugin Akasurde commented: """ @MartinBasti Will implement tracker class in different PR. """ See the full comment at https://github.com/freeipa/freeipa/pull/503#issuecomment-282251828

[Freeipa-devel] [freeipa PR#503][comment] [WIP] Update testcase for cert plugin

2017-02-24 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/503 Title: #503: [WIP] Update testcase for cert plugin MartinBasti commented: """ @Akasurde what is your opinion about creating a Tracker class for certificate? """ See the full comment at https://github.com/freeipa/freeipa/pull/503#issuecomment-282

[Freeipa-devel] [freeipa PR#504][comment] Add SHA256 fingerprints

2017-02-24 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/504 Title: #504: Add SHA256 fingerprints tomaskrizek commented: """ I've dropped the commit that modified the deprecated file. """ See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-282247242

[Freeipa-devel] [freeipa PR#503][comment] [WIP] Update testcase for cert plugin

2017-02-24 Thread Akasurde
URL: https://github.com/freeipa/freeipa/pull/503 Title: #503: [WIP] Update testcase for cert plugin Akasurde commented: """ @MartinBasti I am working on other improvements and will update this PR accordingly. - [ ] Issuing CA - [ ] Subject - [ ] Issuer - [ ] Serial number - [ ] Serial number (

[Freeipa-devel] [freeipa PR#504][synchronized] Add SHA256 fingerprints

2017-02-24 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/504 Author: tomaskrizek Title: #504: Add SHA256 fingerprints Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/504/head:pr504 git checkout pr504 From 690ff813eefec

[Freeipa-devel] [freeipa PR#503][comment] [WIP] Update testcase for cert plugin

2017-02-24 Thread Akasurde
URL: https://github.com/freeipa/freeipa/pull/503 Title: #503: [WIP] Update testcase for cert plugin Akasurde commented: """ @MartinBasti I am working on other improvements and will update this PR accordingly. """ See the full comment at https://github.com/freeipa/freeipa/pull/503#issuecomment-28

[Freeipa-devel] [freeipa PR#503][comment] [WIP] Update testcase for cert plugin

2017-02-24 Thread Akasurde
URL: https://github.com/freeipa/freeipa/pull/503 Title: #503: [WIP] Update testcase for cert plugin Akasurde commented: """ @MartinBasti I am working on other improvements and will update this PR accordingly. - [x] Issuing CA - [ ] Subject - [ ] Issuer - [ ] Serial number - [ ] Serial number (

[Freeipa-devel] [freeipa PR#503][comment] [WIP] Update testcase for cert plugin

2017-02-24 Thread Akasurde
URL: https://github.com/freeipa/freeipa/pull/503 Title: #503: [WIP] Update testcase for cert plugin Akasurde commented: """ @MartinBasti I am working on other improvements and will update this PR accordingly. """ See the full comment at https://github.com/freeipa/freeipa/pull/503#issuecomment-28

[Freeipa-devel] [freeipa PR#504][comment] Add SHA256 fingerprints

2017-02-24 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/504 Title: #504: Add SHA256 fingerprints MartinBasti commented: """ Do not touch `install/share/copy-schema-to-ca.py` ever (this will be removed soon from master, just waiting for ACKs) """ See the full comment at https://github.com/freeipa/freeipa

[Freeipa-devel] [freeipa PR#504][comment] Add SHA256 fingerprints

2017-02-24 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/504 Title: #504: Add SHA256 fingerprints stlaz commented: """ As discussed about a hundred times before, do not touch `install/share/copy-schema-to-ca.py`. """ See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-282244201

[Freeipa-devel] [freeipa PR#503][comment] [WIP] Update testcase for cert plugin

2017-02-24 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/503 Title: #503: [WIP] Update testcase for cert plugin MartinBasti commented: """ I left some inline comments, this improves the test but it still misses several features to be tested. You can finish these improvements and it can be pushed and add mo

[Freeipa-devel] [freeipa PR#504][opened] Add SHA256 fingerprints

2017-02-24 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/504 Author: tomaskrizek Title: #504: Add SHA256 fingerprints Action: opened PR body: """ As discussed on the [devel list](https://www.redhat.com/archives/freeipa-devel/2017-February/msg01095.html), adding SHA256 fingerprints for certs and keeping

[Freeipa-devel] [freeipa PR#500][+rejected] Replace sha1 fingerprints with sha256

2017-02-24 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/500 Title: #500: Replace sha1 fingerprints with sha256 Label: +rejected

[Freeipa-devel] [freeipa PR#500][closed] Replace sha1 fingerprints with sha256

2017-02-24 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/500 Author: tomaskrizek Title: #500: Replace sha1 fingerprints with sha256 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/500/head:pr500 git checkout pr500

[Freeipa-devel] [freeipa PR#500][comment] Replace sha1 fingerprints with sha256

2017-02-24 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/500 Title: #500: Replace sha1 fingerprints with sha256 MartinBasti commented: """ https://www.redhat.com/archives/freeipa-devel/2017-February/msg01083.html This was discussed in that thread and resolution is to not remove sha1 @tiran sha256 is alrea

Re: [Freeipa-devel] MD5 certificate fingerprints removal

2017-02-24 Thread Martin Basti
On 24.02.2017 08:46, Tomas Krizek wrote: On 02/24/2017 08:34 AM, Standa Laznicka wrote: On 02/24/2017 08:29 AM, Jan Cholasta wrote: On 23.2.2017 19:06, Martin Basti wrote: On 23.02.2017 15:09, Tomas Krizek wrote: On 02/22/2017 01:44 PM, Fraser Tweedale wrote: On Wed, Feb 22, 2017 at 01:41

[Freeipa-devel] [freeipa PR#500][comment] Replace sha1 fingerprints with sha256

2017-02-24 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/500 Title: #500: Replace sha1 fingerprints with sha256 tiran commented: """ Let's step on the brakes first and do a proper threat analysis. Is it really necessary to drop SHA-1 like a hot potato and go for SHA-256 right now? It still takes a lot of

[Freeipa-devel] [freeipa PR#500][comment] Replace sha1 fingerprints with sha256

2017-02-24 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/500 Title: #500: Replace sha1 fingerprints with sha256 tiran commented: """ Let's step on the brakes first and do a proper threat analysis. Is it really necessary to drop SHA-1 like a hot potato and go for SHA-256 right now? It still takes a lot of