On Sat, 2013-03-16 at 16:46 -0400, Dmitri Pal wrote:
On 03/12/2013 02:02 PM, Simo Sorce wrote:
On Tue, 2013-03-12 at 18:31 +0100, Jan Cholasta wrote:
On 12.3.2013 18:01, Simo Sorce wrote:
On Tue, 2013-03-12 at 17:31 +0100, Jan Cholasta wrote:
On 12.3.2013 17:24, Simo Sorce wrote:
On
On 03/12/2013 02:02 PM, Simo Sorce wrote:
On Tue, 2013-03-12 at 18:31 +0100, Jan Cholasta wrote:
On 12.3.2013 18:01, Simo Sorce wrote:
On Tue, 2013-03-12 at 17:31 +0100, Jan Cholasta wrote:
On 12.3.2013 17:24, Simo Sorce wrote:
On Tue, 2013-03-12 at 17:02 +0100, Jan Cholasta wrote:
Why can't
On 8.3.2013 20:09, Rob Crittenden wrote:
Petr Spacek wrote:
On 8.3.2013 16:45, Rob Crittenden wrote:
One would need to pass in the object type they are dealing with:
ipa krbflags --type=user --ok-as-delegate=false sbose
ipa krbflags --type=service --ok-as-delegate=true HTTP/ipa.example.com
On 8.3.2013 14:41, Simo Sorce wrote:
On Fri, 2013-03-08 at 10:31 +0100, Jan Cholasta wrote:
Hi,
On 7.3.2013 21:15, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of
how one might do it:
Jan Cholasta wrote:
On 8.3.2013 20:09, Rob Crittenden wrote:
Petr Spacek wrote:
On 8.3.2013 16:45, Rob Crittenden wrote:
One would need to pass in the object type they are dealing with:
ipa krbflags --type=user --ok-as-delegate=false sbose
ipa krbflags --type=service --ok-as-delegate=true
On Tue, 2013-03-12 at 10:23 +0100, Jan Cholasta wrote:
On 8.3.2013 14:41, Simo Sorce wrote:
On Fri, 2013-03-08 at 10:31 +0100, Jan Cholasta wrote:
Hi,
On 7.3.2013 21:15, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is
On 12.3.2013 13:34, Simo Sorce wrote:
We might, but how do you check for the global value?
An additional search for every KDC operation is simply not going to
happen.
Can we do that extra search only when the KDC is initialized and when
configuration is refreshed? I don't think the default
Petr Spacek wrote:
On 12.3.2013 13:34, Simo Sorce wrote:
We might, but how do you check for the global value?
An additional search for every KDC operation is simply not going to
happen.
Can we do that extra search only when the KDC is initialized and when
configuration is refreshed? I
On 12.3.2013 15:39, Rob Crittenden wrote:
Petr Spacek wrote:
On 12.3.2013 13:34, Simo Sorce wrote:
We might, but how do you check for the global value?
An additional search for every KDC operation is simply not going to
happen.
Can we do that extra search only when the KDC is initialized
Petr Spacek wrote:
On 12.3.2013 15:39, Rob Crittenden wrote:
Petr Spacek wrote:
On 12.3.2013 13:34, Simo Sorce wrote:
We might, but how do you check for the global value?
An additional search for every KDC operation is simply not
going to
happen.
Can we do that extra search only when
On Tue, Mar 12, 2013 at 08:34:33AM -0400, Simo Sorce wrote:
On Tue, 2013-03-12 at 10:23 +0100, Jan Cholasta wrote:
On 8.3.2013 14:41, Simo Sorce wrote:
On Fri, 2013-03-08 at 10:31 +0100, Jan Cholasta wrote:
Hi,
On 7.3.2013 21:15, Rob Crittenden wrote:
Based on a comment from
On 12.3.2013 16:00, Rob Crittenden wrote:
Petr Spacek wrote:
On 12.3.2013 15:39, Rob Crittenden wrote:
Petr Spacek wrote:
On 12.3.2013 13:34, Simo Sorce wrote:
We might, but how do you check for the global value?
An additional search for every KDC operation is simply not
going to
happen.
On Tue, 2013-03-12 at 15:31 +0100, Petr Spacek wrote:
On 12.3.2013 13:34, Simo Sorce wrote:
We might, but how do you check for the global value?
An additional search for every KDC operation is simply not going to
happen.
Can we do that extra search only when the KDC is initialized
On Tue, 2013-03-12 at 17:02 +0100, Jan Cholasta wrote:
On 12.3.2013 16:00, Rob Crittenden wrote:
Petr Spacek wrote:
On 12.3.2013 15:39, Rob Crittenden wrote:
Petr Spacek wrote:
On 12.3.2013 13:34, Simo Sorce wrote:
We might, but how do you check for the global value?
An additional
On 12.3.2013 17:24, Simo Sorce wrote:
On Tue, 2013-03-12 at 17:02 +0100, Jan Cholasta wrote:
Why can't we set the bitfield (krbTicketFlags) directly? (There is an
ACI preventing that, I'm just wondering what is the reason for this.)
If you tell me who 'we' is (as in what user would set it) I
On 12.3.2013 18:01, Simo Sorce wrote:
On Tue, 2013-03-12 at 17:31 +0100, Jan Cholasta wrote:
On 12.3.2013 17:24, Simo Sorce wrote:
On Tue, 2013-03-12 at 17:02 +0100, Jan Cholasta wrote:
Why can't we set the bitfield (krbTicketFlags) directly? (There is an
ACI preventing that, I'm just
On Tue, 2013-03-12 at 18:31 +0100, Jan Cholasta wrote:
On 12.3.2013 18:01, Simo Sorce wrote:
On Tue, 2013-03-12 at 17:31 +0100, Jan Cholasta wrote:
On 12.3.2013 17:24, Simo Sorce wrote:
On Tue, 2013-03-12 at 17:02 +0100, Jan Cholasta wrote:
Why can't we set the bitfield (krbTicketFlags)
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline
of how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
There is a bit of hand waving going on around how the
Hi,
On 7.3.2013 21:15, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of
how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
Can we have one multi-valued attribute which contains names of flags to
On Fri, Mar 08, 2013 at 10:31:58AM +0100, Jan Cholasta wrote:
Hi,
On 7.3.2013 21:15, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of
how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
Can we
On Thu, 2013-03-07 at 15:15 -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of
how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
There is a bit of hand waving going on around how the flags
Sumit Bose wrote:
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline
of how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
There is a bit of hand waving going on
On Fri, 2013-03-08 at 10:27 +0100, Sumit Bose wrote:
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline
of how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
On 8.3.2013 16:45, Rob Crittenden wrote:
One would need to pass in the object type they are dealing with:
ipa krbflags --type=user --ok-as-delegate=false sbose
ipa krbflags --type=service --ok-as-delegate=true HTTP/ipa.example.com
We *could* avoid type potentially but it would expand our
On Fri, Mar 08, 2013 at 12:28:03PM -0500, Nathaniel McCallum wrote:
On Fri, 2013-03-08 at 10:27 +0100, Sumit Bose wrote:
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare
On Fri, 2013-03-08 at 18:53 +0100, Sumit Bose wrote:
On Fri, Mar 08, 2013 at 12:28:03PM -0500, Nathaniel McCallum wrote:
On Fri, 2013-03-08 at 10:27 +0100, Sumit Bose wrote:
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
Petr Spacek wrote:
On 8.3.2013 16:45, Rob Crittenden wrote:
One would need to pass in the object type they are dealing with:
ipa krbflags --type=user --ok-as-delegate=false sbose
ipa krbflags --type=service --ok-as-delegate=true HTTP/ipa.example.com
We *could* avoid type potentially but it
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of
how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
There is a bit of hand waving going on around how the flags are actually
set inside the KDB plugin since I'm not at all
28 matches