Re: [Freeipa-devel] [PATCH] 450 fixes for HBAC services

2010-05-27 Thread Sumit Bose
On Wed, May 26, 2010 at 09:51:21AM -0400, Rob Crittenden wrote: Sumit Bose wrote: On Fri, May 21, 2010 at 04:30:12PM -0400, Rob Crittenden wrote: Add the ipqUniqueID object to HBAC services and make sure that they get the memberOf attribute if they are members of service groups. rob I

Re: [Freeipa-devel] [PATCH] 446 fix clone from a clone

2010-05-27 Thread Pavel Zuna
On 05/19/2010 07:28 PM, Rob Crittenden wrote: Include -clone_uri argument to pkisilent setting the clone URI. This makes creating a clone from a clone work as expected. Note that this depends on some fixes in the pki-ca, pki-common and pki-silent packages. I tested this against pre-release

Re: [Freeipa-devel] [PATCH] 447 load dogtag selinux rules in spec

2010-05-27 Thread Pavel Zuna
On 05/20/2010 05:56 PM, Rob Crittenden wrote: Move the dogtag SELinux rules loading into the spec file I couldn't put the dogtag rules into the spec file until we required dogtag as a component. If it wasn't pre-loaded then the rules loading would fail because types would be missing. rob This

Re: [Freeipa-devel] [PATCH] 448 fix default hbac rule, add default services

2010-05-27 Thread Pavel Zuna
On 05/20/2010 07:54 PM, Rob Crittenden wrote: Add the 'all' serviceCategory to the default allow_all HBAC rule and add some standard services: ftp, login, sshd, su, sudo. rob ack. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH] 451 fix i18n test

2010-05-27 Thread Pavel Zuna
On 05/21/2010 11:35 PM, Rob Crittenden wrote: Fix this test to work from source tree root It would work if you ran the test from its location in tests/test_ipalib but this isn't the most common method. If you want to run it individually you can do: $ ./make-test tests/test_ipalib/test_text.py

Re: [Freeipa-devel] [PATCH] 452 add missing hbac update file

2010-05-27 Thread Pavel Zuna
On 05/26/2010 03:50 PM, Rob Crittenden wrote: I moved these contents into an update so that each entry could get its own UUID. The templater for ldif files is a little less robust and can only assign a single UUID per file. If this is ever an issue we can address it then but it isn't a problem

Re: [Freeipa-devel] [PATCH] 450 fixes for HBAC services

2010-05-27 Thread Pavel Zuna
On 05/21/2010 10:30 PM, Rob Crittenden wrote: Add the ipqUniqueID object to HBAC services and make sure that they get the memberOf attribute if they are members of service groups. rob ack. Pavel

Re: [Freeipa-devel] [PATCH] 446 fix clone from a clone

2010-05-27 Thread Rob Crittenden
Pavel Zuna wrote: On 05/19/2010 07:28 PM, Rob Crittenden wrote: Include -clone_uri argument to pkisilent setting the clone URI. This makes creating a clone from a clone work as expected. Note that this depends on some fixes in the pki-ca, pki-common and pki-silent packages. I tested this

Re: [Freeipa-devel] [PATCH] 448 fix default hbac rule, add default services

2010-05-27 Thread Rob Crittenden
Pavel Zuna wrote: On 05/20/2010 07:54 PM, Rob Crittenden wrote: Add the 'all' serviceCategory to the default allow_all HBAC rule and add some standard services: ftp, login, sshd, su, sudo. rob ack. Pavel pushed to master. I'm going to submit a separate patch for su-l as requested by

Re: [Freeipa-devel] [PATCH] 450 fixes for HBAC services

2010-05-27 Thread Rob Crittenden
Sumit Bose wrote: On Wed, May 26, 2010 at 09:51:21AM -0400, Rob Crittenden wrote: Sumit Bose wrote: On Fri, May 21, 2010 at 04:30:12PM -0400, Rob Crittenden wrote: Add the ipqUniqueID object to HBAC services and make sure that they get the memberOf attribute if they are members of service

[Freeipa-devel] [PATCH] 454 add su-l hbac service

2010-05-27 Thread Rob Crittenden
Add another default hbac service, su-l. rob freeipa-454-hbac.patch Description: application/mbox

Re: [Freeipa-devel] [PATCH] 453 fix gpg2 usage

2010-05-27 Thread Rob Crittenden
Stephen Gallagher wrote: On 05/26/2010 03:24 PM, Rob Crittenden wrote: Replica preparation and installation is not working in F-13 because of gpg2. It now requires the --batch argument when using the --passphrase* options. This patch is for ipa-1.2.2 but the same principle applies to master as

Re: [Freeipa-devel] [PATCH] 454 add su-l hbac service

2010-05-27 Thread Stephen Gallagher
On 05/27/2010 10:59 AM, Rob Crittenden wrote: Add another default hbac service, su-l. rob Ack -- Stephen Gallagher RHCE 804006346421761

[Freeipa-devel] [PATCH] 455 upgrade over ldapi

2010-05-27 Thread Rob Crittenden
For v2 upgrades we want the LDAP server to be quiet so we will shut it down, disable its TCP listeners and bring it back up to update over ldapi. This also enables autobind so we can bind as root and perform operations as Directory Manager and not require a password. To use this mode run

[Freeipa-devel] [PATCH] 456 replica creation

2010-05-27 Thread Rob Crittenden
If a host is already enrolled (either as a client or a former replica) then ipa-replica-install will fail spectacularly with an error about a missing keytab. This is because some entries already exist and it totally confuses things. We need to start this host from scratch, so catch this

[Freeipa-devel] [PATCH] 457 fall back to DM password in ipa-replica-manage

2010-05-27 Thread Rob Crittenden
ipa-replica-manage can use the current kerberos credentials for some commands now. To make it a bit nicer to use fall back to prompt for the DM password if there are no credentials. I've found it handy to have this in development. I also fix up the errors when deleting a replica too (my test