Re: [Freeipa-devel] [PATCHES] 295-299 Allow changing chaining of the IPA CA certificate

2014-06-26 Thread Jan Cholasta
On 16.6.2014 15:35, Jan Cholasta wrote: Hi, the attached patches implement https://fedorahosted.org/freeipa/ticket/3737. My patches 241-253 and 262-294 are required for this (http://www.redhat.com/archives/freeipa-devel/2014-June/msg00276.html, http://www.redhat.com/archives/freeipa-devel/2014

Re: [Freeipa-devel] [PATCHES] 267-294 Support multiple CA certificates in LDAP

2014-06-25 Thread Jan Cholasta
On 16.6.2014 22:36, Rob Crittenden wrote: Rob Crittenden wrote: Jan Cholasta wrote: Hi, the attached patches implement https://fedorahosted.org/freeipa/ticket/3259 and https://fedorahosted.org/freeipa/ticket/3520. This work depends on my patches 241-253 and 262-266 (http://www.redhat.com

Re: [Freeipa-devel] [PATCH 0236] ipaldap: Fallback to string if datetime conversion went wrong

2014-06-25 Thread Jan Cholasta
value directly, or exclude the attributes from decoding to datetime by overriding their type in IPASimpleLDAPObject._SYNTAX_OVERRIDE. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman

Re: [Freeipa-devel] [PATCH] 676 rpcserver: fix local vs utc time comparison

2014-06-25 Thread Jan Cholasta
() All other uses of datetime.now() predate LDAP datetime decoding, so I think we are fine. Honza -- Jan Cholasta

Re: [Freeipa-devel] LDAP schema for DNSSEC keys

2014-06-24 Thread Jan Cholasta
, a user may not access the object until the user has been authenticated to the token (what PKCS#11 spec says). Simo. -- Jan Cholasta

Re: [Freeipa-devel] DNSSEC key wrapping: cryptographer needed

2014-06-24 Thread Jan Cholasta
=2204 [4] http://marc.info/?l=openssl-dev&m=126953517430167&w=2 [5] https://tools.ietf.org/html/rfc6031#section-2 [6] https://www.openssl.org/docs/crypto/RSA_public_encrypt.html [7] http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/csprd02/pkcs11-curr-v2.40-csprd02.html#_Toc387327841 -- Jan

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-24 Thread Jan Cholasta
On 23.6.2014 13:01, Martin Kosek wrote: On 06/18/2014 02:09 PM, Jan Cholasta wrote: ... 3) I am thinking why do we need to introduce all the ASN parsing? I am talking about _decode_krb5principalname and others. If we do not use the result anywhere, why should we include this part at all

Re: [Freeipa-devel] [PATCH 0070] Normalization check only for IDNA domains

2014-06-20 Thread Jan Cholasta
, not an error, but that would require larger amount of work, so I guess it's OK for now.) -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0058] Add the otptoken-add-yubikey command

2014-06-20 Thread Jan Cholasta
and override execute(). Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0071] Fix - handle python-dns UnicodeError

2014-06-20 Thread Jan Cholasta
On 20.6.2014 13:06, Martin Basti wrote: Patch attached ACK. -- Jan Cholasta

[Freeipa-devel] [PATCH] 302 Do not corrupt sshd_config in client install when trailing newline is missing

2014-06-18 Thread Jan Cholasta
Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4373. Honza -- Jan Cholasta From c933fa17a556ccc7ce142f81c6d6aaac15d0931d Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Wed, 18 Jun 2014 15:26:17 +0200 Subject: [PATCH] Do not corrupt sshd_config

Re: [Freeipa-devel] [PATCH 0049] Add support for protected tokens

2014-06-16 Thread Jan Cholasta
On 13.6.2014 21:59, Nathaniel McCallum wrote: On Wed, 2014-06-11 at 12:43 -0400, Nathaniel McCallum wrote: On Wed, 2014-06-11 at 12:12 +0200, Ludwig Krispenz wrote: On 05/13/2014 04:33 PM, Jan Cholasta wrote: On 12.5.2014 21:02, Nathaniel McCallum wrote: On Thu, 2014-05-08 at 13:51 -0400

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-16 Thread Jan Cholasta
On 16.6.2014 13:31, Martin Kosek wrote: On 06/11/2014 02:59 PM, Jan Cholasta wrote: On 11.6.2014 13:29, Martin Kosek wrote: On 06/11/2014 10:58 AM, Jan Cholasta wrote: On 10.6.2014 09:55, Martin Kosek wrote: On 06/06/2014 12:50 PM, Jan Cholasta wrote: On 23.1.2014 14:34, Jan Cholasta wrote

[Freeipa-devel] [PATCHES] 295-299 Allow changing chaining of the IPA CA certificate

2014-06-16 Thread Jan Cholasta
). The installation/testing guidelines from http://www.redhat.com/archives/freeipa-devel/2014-March/msg00385.html apply here as well. Honza -- Jan Cholasta From 73b54fdd44a7f59f40b0e34dd565020deea74f00 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Fri, 13 Jun 2014 14:44:03 +0200 Subject

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-11 Thread Jan Cholasta
On 10.6.2014 09:55, Martin Kosek wrote: On 06/06/2014 12:50 PM, Jan Cholasta wrote: On 23.1.2014 14:34, Jan Cholasta wrote: On 22.1.2014 16:43, Simo Sorce wrote: On Wed, 2014-01-22 at 16:05 +0100, Jan Cholasta wrote: On 22.1.2014 15:34, Simo Sorce wrote: On Wed, 2014-01-22 at 10:40 +0100

Re: [Freeipa-devel] [PATCH 0053] Implement OTP token importing

2014-06-11 Thread Jan Cholasta
, but it should succeed, I think. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-11 Thread Jan Cholasta
On 11.6.2014 13:29, Martin Kosek wrote: On 06/11/2014 10:58 AM, Jan Cholasta wrote: On 10.6.2014 09:55, Martin Kosek wrote: On 06/06/2014 12:50 PM, Jan Cholasta wrote: On 23.1.2014 14:34, Jan Cholasta wrote: On 22.1.2014 16:43, Simo Sorce wrote: On Wed, 2014-01-22 at 16:05 +0100, Jan

Re: [Freeipa-devel] [PATCHES] Update plugins to use Registry API

2014-06-10 Thread Jan Cholasta
point for someone new to doing reviews. Nathaniel I can't imagine a situation in which having these in separate commits would be beneficial, so I don't think this really deserves to be split among multiple patches. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-06 Thread Jan Cholasta
On 23.1.2014 14:34, Jan Cholasta wrote: On 22.1.2014 16:43, Simo Sorce wrote: On Wed, 2014-01-22 at 16:05 +0100, Jan Cholasta wrote: On 22.1.2014 15:34, Simo Sorce wrote: On Wed, 2014-01-22 at 10:40 +0100, Jan Cholasta wrote: On 21.1.2014 17:12, Simo Sorce wrote: Later in the patch you seem

Re: [Freeipa-devel] [PATCH 0049] Add support for protected tokens

2014-06-05 Thread Jan Cholasta
On 28.5.2014 22:44, Nathaniel McCallum wrote: On Mon, 2014-05-26 at 16:57 +0200, Jan Cholasta wrote: On 13.5.2014 19:12, Nathaniel McCallum wrote: On Tue, 2014-05-13 at 16:33 +0200, Jan Cholasta wrote: On 12.5.2014 21:02, Nathaniel McCallum wrote: On Thu, 2014-05-08 at 13:51 -0400, Simo

Re: [Freeipa-devel] Is CA certificate storage correct?

2014-06-04 Thread Jan Cholasta
On 23.5.2014 16:36, Martin Kosek wrote: On 05/20/2014 11:16 AM, Jan Cholasta wrote: On 20.5.2014 08:28, Martin Kosek wrote: Hi there, I checked the update CA Certificate renewal feature design page and one part seemed awkward to me: http://www.freeipa.org/page/V4/CA_certificate_renewal

Re: [Freeipa-devel] CA certificate renewal, shared store trust settings

2014-06-04 Thread Jan Cholasta
On 30.5.2014 16:11, Nalin Dahyabhai wrote: On Fri, May 30, 2014 at 09:09:46AM +0200, Jan Cholasta wrote: On 29.5.2014 19:44, Nalin Dahyabhai wrote: I'm working on adding to certmonger the ability to read the IPA root certificate from the server and store it locally, and I'm looking at the V4

Re: [Freeipa-devel] [PATCH 0029-0046, 0047] Internationalized domain names in DNS plugin

2014-06-03 Thread Jan Cholasta
On 2.6.2014 17:29, Martin Basti wrote: On Mon, 2014-06-02 at 17:09 +0200, Martin Basti wrote: On Mon, 2014-06-02 at 16:21 +0200, Jan Cholasta wrote: On 2.6.2014 13:50, Martin Basti wrote: Rebased patches attached I got this test failure

Re: [Freeipa-devel] [PATCH 0029-0046, 0047] Internationalized domain names in DNS plugin

2014-06-03 Thread Jan Cholasta
that webui code needs to be updated to understand DNS names in RPC.) -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0029-0046, 0047] Internationalized domain names in DNS plugin

2014-06-02 Thread Jan Cholasta
) % {'domain': value, + 'normalized': normalized_domain_name} I thought we decided to drop this check, because of IDNA 2008? Patch 38: It seems you left out the normalize_zonemgr and normalize_zone modifications I have suggested. Is there a reason for this? -- Jan

Re: [Freeipa-devel] CA certificate renewal, shared store trust settings

2014-05-30 Thread Jan Cholasta
/CA_certificate_renewal#Shared_certificate_store [2] http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-existing.html#openssl-trusted (Yes, I will update the design page.) Honza -- Jan Cholasta

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-30 Thread Jan Cholasta
? stageduser-undel suggests it's opposite of stageduser-del, which it is not. An alternative would be something like stageduser-add-from-deleted, but that's really long, hence my proposal to use stageduser-add. Thierry, you know what to do :-) Martin -- Jan Cholasta

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-29 Thread Jan Cholasta
-- Jan Cholasta

Re: [Freeipa-devel] Supported Staged entries

2014-05-27 Thread Jan Cholasta
IMO virtually any kind of entry should be supported in the staging tree. -- Jan Cholasta

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-27 Thread Jan Cholasta
On 26.5.2014 10:18, Martin Kosek wrote: On 05/26/2014 09:33 AM, Jan Cholasta wrote: On 26.5.2014 07:49, Martin Kosek wrote: ... 5) modifying (in active) ipa user-mod tuser ... Ok. (in stage)ipa user-mod tuser --staged ... Simo did not like this command, I would personally

Re: [Freeipa-devel] OTP Sync Client Design

2014-05-27 Thread Jan Cholasta
On 26.5.2014 18:23, Nathaniel McCallum wrote: On Mon, 2014-05-26 at 09:56 +0200, Jan Cholasta wrote: On 23.5.2014 23:19, Nathaniel McCallum wrote: On Wed, 2014-05-14 at 14:08 -0400, Nathaniel McCallum wrote: Occasionally OTP tokens get out of sync with the server. When this happens, the user

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-26 Thread Jan Cholasta
-find? -- Jan Cholasta

Re: [Freeipa-devel] OTP Sync Client Design

2014-05-26 Thread Jan Cholasta
? And who wants to help me do it? Also, I am all ears for easier solutions for this feature. I would go for the refactoring, the rpcserver code does indeed need some love. Nathaniel -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0049] Add support for protected tokens

2014-05-26 Thread Jan Cholasta
On 13.5.2014 19:12, Nathaniel McCallum wrote: On Tue, 2014-05-13 at 16:33 +0200, Jan Cholasta wrote: On 12.5.2014 21:02, Nathaniel McCallum wrote: On Thu, 2014-05-08 at 13:51 -0400, Simo Sorce wrote: On Thu, 2014-05-08 at 12:26 -0400, Nathaniel McCallum wrote: On Wed, 2014-05-07 at 11:17

Re: [Freeipa-devel] User life cycle: question regarding the design

2014-05-23 Thread Jan Cholasta
On 23.5.2014 10:13, Petr Viktorin wrote: On 05/23/2014 08:33 AM, Martin Kosek wrote: On 05/23/2014 07:48 AM, Jan Cholasta wrote: On 22.5.2014 19:27, Simo Sorce wrote: On Thu, 2014-05-22 at 15:35 +0200, Martin Kosek wrote: On 05/21/2014 10:11 PM, Dmitri Pal wrote: On 05/21/2014 03:06 PM

Re: [Freeipa-devel] [PATCH] 0551 ldap2.find_entries: Do not modify attrs_list in-place

2014-05-22 Thread Jan Cholasta
On 22.5.2014 15:07, Petr Viktorin wrote: This fixes https://fedorahosted.org/freeipa/ticket/4349. See the ticket for a description. Looks OK to me, ACK. -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0048] Default the token owner to the person adding the token

2014-05-22 Thread Jan Cholasta
On 22.5.2014 16:21, Nathaniel McCallum wrote: I still need a review on this. On Wed, 2014-05-07 at 10:06 -0400, Nathaniel McCallum wrote: On Wed, 2014-05-07 at 15:54 +0200, Petr Vobornik wrote: On 6.5.2014 17:07, Nathaniel McCallum wrote: On Tue, 2014-05-06 at 16:11 +0200, Jan Cholasta wrote

Re: [Freeipa-devel] Is CA certificate storage correct?

2014-05-20 Thread Jan Cholasta
it be easier to manipulate? No. -- Jan Cholasta

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-19 Thread Jan Cholasta
of the `user` object, which may turn out to be more practical.) -- Jan Cholasta

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-19 Thread Jan Cholasta
On 19.5.2014 16:03, thierry bordaz wrote: On 05/19/2014 03:54 PM, Jan Cholasta wrote: On 19.5.2014 15:19, Petr Viktorin wrote: Hello list, Here's a conversation that started internally. I'm making it public. On 05/19/2014 01:00 PM, Martin Kosek wrote: On 05/19/2014 12:46 PM, Petr Viktorin

Re: [Freeipa-devel] Status/Question about User life cycle

2014-05-19 Thread Jan Cholasta
On 19.5.2014 16:34, thierry bordaz wrote: On 05/19/2014 04:22 PM, Jan Cholasta wrote: On 19.5.2014 16:03, thierry bordaz wrote: On 05/19/2014 03:54 PM, Jan Cholasta wrote: On 19.5.2014 15:19, Petr Viktorin wrote: Hello list, Here's a conversation that started internally. I'm making it public

Re: [Freeipa-devel] [PATCH 0137] ipalib: Add DateTime parameter

2014-05-13 Thread Jan Cholasta
On 13.5.2014 13:24, Martin Kosek wrote: On 05/13/2014 12:54 PM, Petr Viktorin wrote: On 05/07/2014 06:15 PM, Dmitri Pal wrote: On 05/07/2014 11:46 AM, Nathaniel McCallum wrote: On Wed, 2014-05-07 at 09:50 -0400, Dmitri Pal wrote: On 05/07/2014 04:06 AM, Jan Cholasta wrote: On 6.5.2014 19:55

Re: [Freeipa-devel] [WIP] OTP Token Import

2014-05-13 Thread Jan Cholasta
to be run on IPA servers only? Because I don't see anything in the code that would mandate that. Honza -- Jan Cholasta

Re: [Freeipa-devel] [WIP] OTP Token Import

2014-05-13 Thread Jan Cholasta
On 13.5.2014 15:20, Nathaniel McCallum wrote: On Tue, 2014-05-13 at 15:13 +0200, Jan Cholasta wrote: Hi, On 13.5.2014 01:39, Nathaniel McCallum wrote: The attached patch implements the OTP Token import script. However, it doesn't work. Specifically, at the bottom of the file, when I call

Re: [Freeipa-devel] [PATCH 0049] Add support for protected tokens

2014-05-13 Thread Jan Cholasta
, Nathaniel McCallum wrote: On Wed, 2014-05-07 at 11:42 +0200, Jan Cholasta wrote: Hi, On 6.5.2014 17:08, Nathaniel McCallum wrote: On Tue, 2014-05-06 at 09:49 -0400, Nathaniel McCallum wrote: On Mon, 2014-05-05 at 12:42 -0400, Nathaniel McCallum wrote: This also constitutes a rethinking

Re: [Freeipa-devel] [PATCH 0052] Only specify the ipatokenuniqueid default in the add operation

2014-05-13 Thread Jan Cholasta
. Nathaniel IMO you should update API.txt with ./makeapi Running ./makeapi results in no changes to API.txt. This is not right, there *are* changes in the API and build fails for me because API.txt is not updated. -- Jan Cholasta

Re: [Freeipa-devel] Sudorule schema inconsistencies

2014-05-12 Thread Jan Cholasta
. Is there anything stopping you from doing the same thing with ipasudorunasextuser? Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0137] ipalib: Add DateTime parameter

2014-05-07 Thread Jan Cholasta
using dateutil? IIRC it was rejected right at the beginning as an overkill. -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0049] Add support for protected tokens

2014-05-07 Thread Jan Cholasta
in other way) the token. On otptoken-add, managedby would be set to the whoami user DN, unless run with --protected, in which case managedby would be left empty. Then, when deleting a user, the token would be deleted only if the user manages the token. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0048] Default the token owner to the person adding the token

2014-05-06 Thread Jan Cholasta
--whoami when authenticated as non-user, the result will be empty. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0048] Default the token owner to the person adding the token

2014-05-06 Thread Jan Cholasta
On 6.5.2014 15:16, Nathaniel McCallum wrote: On Tue, 2014-05-06 at 13:46 +0200, Jan Cholasta wrote: Hi, On 5.5.2014 18:40, Nathaniel McCallum wrote: Creating tokens for yourself is the most common operation. Making this the default optimizes for the common case. The user-find call should

Re: [Freeipa-devel] [PATCH 0046] Fix a typo in the otptoken doc string

2014-05-05 Thread Jan Cholasta
Hi, On 2.5.2014 23:45, Nathaniel McCallum wrote: Patch attached ACK, but there is one additional occurrence of otp-add in a comment in install/ui/src/freeipa/otptoken.js. Honza -- Jan Cholasta

Re: [Freeipa-devel] LDAP schema for DNSSEC keys

2014-05-05 Thread Jan Cholasta
an ipk11uniquid to be used as naming attr for storage objects, but there are no definitions on its structure, you could use it as you like as long as it is unique (could be unique and meaningful and readable) +1 on the last suggestion Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0050] Fix typo in token UI javascript comment

2014-05-05 Thread Jan Cholasta
On 5.5.2014 19:10, Nathaniel McCallum wrote: Attached. ACK. -- Jan Cholasta

Re: [Freeipa-devel] [PATCHES] 241-253 CA certificate renewal

2014-04-25 Thread Jan Cholasta
On 24.4.2014 23:16, Rob Crittenden wrote: Jan Cholasta wrote: On 10.4.2014 22:06, Rob Crittenden wrote: Some in-line, a whole ton of data appended to end. Jan Cholasta wrote: On 7.4.2014 20:09, Rob Crittenden wrote: Rob Crittenden wrote: 247 We've been burned by hardcoded timeouts

Re: [Freeipa-devel] [PATCH 0137] ipalib: Add DateTime parameter

2014-04-25 Thread Jan Cholasta
: return target_type(val) except Exception, e: and add code for formatting datetime values to the textui backend. -- Jan Cholasta

Re: [Freeipa-devel] New ACIs for cn=etc

2014-04-23 Thread Jan Cholasta
-replica-install) operating with cn=masters bind as DM (either via password or with External bind) and i.e. should not need the ACI. Renewal scripts need access to cn=masters and bind as host. Martin -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0029-0046, 0047] Internationalized domain names in DNS plugin

2014-04-22 Thread Jan Cholasta
(name, args) File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 965, in __request raise error_class(message=error['message']) NotFound: 70.16.172.in-addr.arpa.: DNS zone not found Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCHES] 255-259 Framework tweaks

2014-04-18 Thread Jan Cholasta
On 18.4.2014 12:43, Petr Viktorin wrote: On 04/18/2014 10:57 AM, Jan Cholasta wrote: On 17.4.2014 16:58, Petr Viktorin wrote: On 04/17/2014 02:33 PM, Tomas Babej wrote: ACK for 256 - 259. On 04/01/2014 10:45 AM, Jan Cholasta wrote: Hi, while working with Martin Bašti on issues in his dns

Re: [Freeipa-devel] [PATCH] Do not ask for memberindirect when updating managed permissions

2014-04-16 Thread Jan Cholasta
of opposite direction, so I can't say I like it. Currently we use LDAPEntry in frontend code directly, but I think that's wrong. There should be a frontend-specific class for this (make ipalib.frontend.Object instantiable?) and LDAPEntry should be used (almost) only in backend code. Honza -- Jan

Re: [Freeipa-devel] #4054 - ACIs for managing own hosts, users, groups...

2014-04-16 Thread Jan Cholasta
of the basic use cases. Thoughts? Makes sense. I'd do it around the time we move self-service to permissions. Simo, can you reserve two more OIDs for the attributes? I don't think we need creatorsName, we already have managedBy. Or am I missing something? Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-08 Thread Jan Cholasta
On 4.4.2014 12:59, Petr Spacek wrote: On 3.4.2014 15:35, Jan Cholasta wrote: I would shorten origin_sign to just sign. Sign of what? Decay? :-) I don't think that sign is descriptive enough, I would personally stick with origin_sign. Whoops, I meant origin. The _sign bit seems a little bit

Re: [Freeipa-devel] questions regarding ldap schema for pkcs11

2014-04-08 Thread Jan Cholasta
magic values defined elsewhere. Over the weekend I prepared a great argument about this and look, I am sick for one day and suddenly don't have to post it anymore :-) Glad we reached an agreement on this. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-08 Thread Jan Cholasta
On 8.4.2014 09:50, Petr Spacek wrote: On 8.4.2014 09:22, Jan Cholasta wrote: On 4.4.2014 12:59, Petr Spacek wrote: On 3.4.2014 15:35, Jan Cholasta wrote: I would shorten origin_sign to just sign. Sign of what? Decay? :-) I don't think that sign is descriptive enough, I would personally stick

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-08 Thread Jan Cholasta
On 8.4.2014 10:01, Alexander Bokovoy wrote: On Tue, 08 Apr 2014, Petr Spacek wrote: On 8.4.2014 09:22, Jan Cholasta wrote: On 4.4.2014 12:59, Petr Spacek wrote: On 3.4.2014 15:35, Jan Cholasta wrote: I would shorten origin_sign to just sign. Sign of what? Decay? :-) I don't think that sign

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-08 Thread Jan Cholasta
On 8.4.2014 10:09, Alexander Bokovoy wrote: On Tue, 08 Apr 2014, Jan Cholasta wrote: On 8.4.2014 10:01, Alexander Bokovoy wrote: On Tue, 08 Apr 2014, Petr Spacek wrote: On 8.4.2014 09:22, Jan Cholasta wrote: On 4.4.2014 12:59, Petr Spacek wrote: On 3.4.2014 15:35, Jan Cholasta wrote: I

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-08 Thread Jan Cholasta
On 8.4.2014 10:19, Petr Spacek wrote: On 8.4.2014 10:14, Jan Cholasta wrote: On 8.4.2014 10:09, Alexander Bokovoy wrote: On Tue, 08 Apr 2014, Jan Cholasta wrote: On 8.4.2014 10:01, Alexander Bokovoy wrote: On Tue, 08 Apr 2014, Petr Spacek wrote: On 8.4.2014 09:22, Jan Cholasta wrote

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-08 Thread Jan Cholasta
On 8.4.2014 10:31, Petr Spacek wrote: On 8.4.2014 10:29, Jan Cholasta wrote: On 8.4.2014 10:19, Petr Spacek wrote: On 8.4.2014 10:14, Jan Cholasta wrote: On 8.4.2014 10:09, Alexander Bokovoy wrote: On Tue, 08 Apr 2014, Jan Cholasta wrote: On 8.4.2014 10:01, Alexander Bokovoy wrote: On Tue

[Freeipa-devel] [PATCH] 261 Fix upload of CA certificate to LDAP in CA-less install

2014-04-08 Thread Jan Cholasta
Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4300. Honza -- Jan Cholasta From 7439c75bc2db63ebf2268a02e4972fefbc7d828a Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Tue, 8 Apr 2014 13:12:47 +0200 Subject: [PATCH] Fix upload of CA certificate

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-03 Thread Jan Cholasta
more later ;-) Honza -- Jan Cholasta

[Freeipa-devel] [PATCH] 260 Fix update_ca_renewal_master plugin on CA-less installs

2014-04-02 Thread Jan Cholasta
Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4294. Honza -- Jan Cholasta From b0e3b7c855b517ef75abd3d9eac4d5db63ef4767 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Wed, 2 Apr 2014 10:28:00 +0200 Subject: [PATCH] Fix update_ca_renewal_master

[Freeipa-devel] [PATCHES] 241-253 CA certificate renewal

2014-03-25 Thread Jan Cholasta
' on each of them. Note that currently you can't change the chaining of the CA certificate. Honza -- Jan Cholasta From 3b3c5b99c1005a049436dc262cf8258daf7486c3 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Wed, 12 Mar 2014 11:41:02 +0100 Subject: [PATCH 01/13] Add function

Re: [Freeipa-devel] [PATCHES] 172-196 Refactor certificate renewal code

2014-03-13 Thread Jan Cholasta
On 12.3.2014 19:59, Petr Viktorin wrote: On 03/10/2014 01:03 PM, Jan Cholasta wrote: On 17.10.2013 18:59, Jan Cholasta wrote: On 17.10.2013 18:01, Petr Viktorin wrote: On 10/17/2013 02:21 PM, Jan Cholasta wrote: Hi, this patchset contains refactoring of the certificate renewal code, which

Re: [Freeipa-devel] LDAP schema for PKCS#11

2014-03-12 Thread Jan Cholasta
On 12.3.2014 16:14, Stef Walter wrote: On 05.03.2014 18:02, Jan Cholasta wrote: On 5.3.2014 13:20, Stef Walter wrote: On 03.03.2014 15:24, Jan Cholasta wrote: On 3.3.2014 15:07, Stef Walter wrote: On 03.03.2014 15:03, Jan Cholasta wrote: If you plug a PKCS#11 module into p11-kit, will p11

Re: [Freeipa-devel] [PATCH] 236 Log unhandled exceptions in certificate renewal scripts

2014-03-10 Thread Jan Cholasta
On 28.1.2014 14:44, Petr Viktorin wrote: On 01/23/2014 03:47 PM, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4093. Honza This needs a rebase for the new LDAP API. Fixed and rebased on top of current master. -- Jan Cholasta From

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-07 Thread Jan Cholasta
On 6.3.2014 16:56, Jakub Hrozek wrote: On Wed, Mar 05, 2014 at 05:56:25PM +0100, Jan Cholasta wrote: On 5.3.2014 16:02, Petr Spacek wrote: a) Do not invent any new schema for certificates and public keys. A set of PKCS-providers in SSSD will aggregate the data from various sources

Re: [Freeipa-devel] [PATCH] 0488 tests: Create the testing service certificate on demand

2014-03-06 Thread Jan Cholasta
) I have been getting them for quite some time now. Any idea what might be the cause? -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0137] ipalib: Add DateTime parameter

2014-03-05 Thread Jan Cholasta
On 25.2.2014 11:15, Tomas Babej wrote: On 01/14/2014 10:19 AM, Petr Viktorin wrote: On 01/14/2014 09:27 AM, Jan Cholasta wrote: On 13.1.2014 14:57, Petr Vobornik wrote: On 13.1.2014 13:41, Jan Cholasta wrote: Hi, On 10.1.2014 21:21, Nathaniel McCallum wrote: On Thu, 2014-01-09 at 16:30

Re: [Freeipa-devel] [PATCH 0138] ipalib: Expose krbPrincipalExpiration in CLI

2014-03-05 Thread Jan Cholasta
needs to be rebased again. I think you can drop the (UTC) here, as only values ending with Z are now accepted for DateTime: +label=_('Kerberos principal expiration (UTC)'), -- Jan Cholasta

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-05 Thread Jan Cholasta
On 5.3.2014 14:21, Simo Sorce wrote: On Wed, 2014-03-05 at 10:53 +0100, Petr Spacek wrote: On 5.3.2014 08:48, Jan Cholasta wrote: On 5.3.2014 05:10, Simo Sorce wrote: On Tue, 2014-03-04 at 18:32 -0500, Dmitri Pal wrote: Remote means that there is a PKCS#11 library that can be loaded

Re: [Freeipa-devel] [PATCH] 0487 ipalib.plugable: Always set the parser in bootstrap()

2014-03-05 Thread Jan Cholasta
On 5.3.2014 14:51, Petr Viktorin wrote: Hello, This patch fixes a failing test setup where logging was configured before the API was bootstrapped. The __setattr__ is moved before a conditional return. ACK, the test failures are gone. -- Jan Cholasta

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-05 Thread Jan Cholasta
On 5.3.2014 16:02, Petr Spacek wrote: On 5.3.2014 14:21, Simo Sorce wrote: On Wed, 2014-03-05 at 10:53 +0100, Petr Spacek wrote: On 5.3.2014 08:48, Jan Cholasta wrote: On 5.3.2014 05:10, Simo Sorce wrote: On Tue, 2014-03-04 at 18:32 -0500, Dmitri Pal wrote: Remote means that there is a PKCS

Re: [Freeipa-devel] LDAP schema for PKCS#11

2014-03-05 Thread Jan Cholasta
On 5.3.2014 13:20, Stef Walter wrote: On 03.03.2014 15:24, Jan Cholasta wrote: On 3.3.2014 15:07, Stef Walter wrote: On 03.03.2014 15:03, Jan Cholasta wrote: If you plug a PKCS#11 module into p11-kit, will p11-kit use NSS trust objects from the module? No. This is the spec for storing trust

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Jan Cholasta
implement the PKCS#11 module themselves. Simo. -- Jan Cholasta

Re: [Freeipa-devel] [PATCHES] 0483-0485 Move ipalib.text to ipapython

2014-03-03 Thread Jan Cholasta
somehow extracting it and moving it back, if needed. I really don't see how tainting ipapython with stuff that is pure ipalib will make the code cleaner. (And the first patch is just some general cleanup.) ACK on that. Honza -- Jan Cholasta

Re: [Freeipa-devel] [PATCH] 238 Fix modlist generation code not to generate empty replace mods

2014-03-03 Thread Jan Cholasta
On 28.2.2014 16:29, Petr Viktorin wrote: On 02/04/2014 03:01 PM, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4138. Honza Thanks, ACK. Here are some tests for this, do they look good? They look good to me, thanks. -- Jan Cholasta

Re: [Freeipa-devel] [PATCH 0042] Rework how otptoken defaults are handled

2014-03-03 Thread Jan Cholasta
On 21.2.2014 17:45, Nathaniel McCallum wrote: On Fri, 2014-02-21 at 16:29 +0100, Jan Cholasta wrote: Hi, On 21.2.2014 16:09, Nathaniel McCallum wrote: On Fri, 2014-02-21 at 09:45 -0500, Nathaniel McCallum wrote: We had originally decided to provide defaults on the server side so

Re: [Freeipa-devel] LDAP schema for PKCS#11

2014-03-03 Thread Jan Cholasta
. Honza -- Jan Cholasta

Re: [Freeipa-devel] LDAP schema for PKCS#11

2014-03-03 Thread Jan Cholasta
On 3.3.2014 15:07, Stef Walter wrote: On 03.03.2014 15:03, Jan Cholasta wrote: If you plug a PKCS#11 module into p11-kit, will p11-kit use NSS trust objects from the module? No. This is the spec for storing trust policy in PKCS#11 that we've been working on: http://p11-glue.freedesktop.org

Re: [Freeipa-devel] [PATCH 0045] Fix token secret length RFC compliance

2014-03-03 Thread Jan Cholasta
On 3.3.2014 17:13, Nathaniel McCallum wrote: RFC 4226 states the following in section 4: R6 - The algorithm MUST use a strong shared secret. The length of the shared secret MUST be at least 128 bits. This document RECOMMENDs a shared secret length of 160 bits. ACK. -- Jan

Re: [Freeipa-devel] Fwd: access control in PCSC - does it apply to PKCS#11?

2014-02-28 Thread Jan Cholasta
. * Policies and guidelines: If there is any security policy documentation should be updated to include the new policies on smart cards (I couldn't find any such documentation though) -- Jan Cholasta

Re: [Freeipa-devel] DNSSEC design page

2014-02-27 Thread Jan Cholasta
. -- Jan Cholasta

Re: [Freeipa-devel] DNSSEC design page

2014-02-27 Thread Jan Cholasta
On 27.2.2014 11:28, Ludwig Krispenz wrote: On 02/27/2014 10:17 AM, Jan Cholasta wrote: On 26.2.2014 17:37, Petr Spacek wrote: On 26.2.2014 15:20, Ludwig Krispenz wrote: I was talking about 'layer of indirection' previously. I'm digging into details and it seems like a good idea to imitate

Re: [Freeipa-devel] DNSSEC design page

2014-02-27 Thread Jan Cholasta
On 18.2.2014 17:19, Martin Kosek wrote: On 02/18/2014 04:38 PM, Jan Cholasta wrote: On 18.2.2014 16:35, Petr Spacek wrote: On 18.2.2014 16:31, Jan Cholasta wrote: 2] low level replacement for eg the sqlite3 database in softhsm. That's what I sometimes get the impression what is wanted

Re: [Freeipa-devel] DNSSEC design page

2014-02-27 Thread Jan Cholasta
On 27.2.2014 15:23, Ludwig Krispenz wrote: On 02/27/2014 02:14 PM, Jan Cholasta wrote: On 18.2.2014 17:19, Martin Kosek wrote: On 02/18/2014 04:38 PM, Jan Cholasta wrote: On 18.2.2014 16:35, Petr Spacek wrote: On 18.2.2014 16:31, Jan Cholasta wrote: 2] low level replacement for eg

Re: [Freeipa-devel] DNSSEC design page

2014-02-27 Thread Jan Cholasta
On 27.2.2014 17:24, Ludwig Krispenz wrote: On 02/27/2014 03:56 PM, Jan Cholasta wrote: On 27.2.2014 15:23, Ludwig Krispenz wrote: On 02/27/2014 02:14 PM, Jan Cholasta wrote: On 18.2.2014 17:19, Martin Kosek wrote: On 02/18/2014 04:38 PM, Jan Cholasta wrote: On 18.2.2014 16:35, Petr Spacek

Re: [Freeipa-devel] DNSSEC design page

2014-02-27 Thread Jan Cholasta
On 27.2.2014 17:49, Ludwig Krispenz wrote: On 02/27/2014 05:48 PM, Jan Cholasta wrote: On 27.2.2014 17:24, Ludwig Krispenz wrote: On 02/27/2014 03:56 PM, Jan Cholasta wrote: On 27.2.2014 15:23, Ludwig Krispenz wrote: On 02/27/2014 02:14 PM, Jan Cholasta wrote: On 18.2.2014 17:19, Martin

Re: [Freeipa-devel] DNSSEC design page

2014-02-26 Thread Jan Cholasta
to be creative with the design. -- Jan Cholasta

Re: [Freeipa-devel] DNSSEC design page

2014-02-26 Thread Jan Cholasta
On 25.2.2014 20:22, Simo Sorce wrote: On Tue, 2014-02-25 at 13:22 -0500, Rob Crittenden wrote: Jan Cholasta wrote: On 25.2.2014 17:36, Ludwig Krispenz wrote: On 02/25/2014 05:12 PM, Simo Sorce wrote: On Tue, 2014-02-25 at 16:18 +0100, Jan Cholasta wrote: On 25.2.2014 16:11, Simo Sorce

Re: [Freeipa-devel] DNSSEC design page

2014-02-25 Thread Jan Cholasta
and CKA_KEY_GEN_MECHANISM set, so I think we should have attribute types for all of them. Ludwig On 02/18/2014 03:17 PM, Jan Cholasta wrote: Hi, On 18.2.2014 14:02, Ludwig Krispenz wrote: Hi, yesterday jan asked me about the status of the schema and if it would be ready for certificate storage and that
