On Wed, May 26, 2010 at 09:51:21AM -0400, Rob Crittenden wrote:
Sumit Bose wrote:
On Fri, May 21, 2010 at 04:30:12PM -0400, Rob Crittenden wrote:
Add the ipqUniqueID object to HBAC services and make sure that they
get the memberOf attribute if they are members of service groups.
rob
I
On 05/19/2010 07:28 PM, Rob Crittenden wrote:
Include -clone_uri argument to pkisilent setting the clone URI.
This makes creating a clone from a clone work as expected.
Note that this depends on some fixes in the pki-ca, pki-common and
pki-silent packages. I tested this against pre-release
On 05/20/2010 05:56 PM, Rob Crittenden wrote:
Move the dogtag SELinux rules loading into the spec file
I couldn't put the dogtag rules into the spec file until we required
dogtag as a component. If it wasn't pre-loaded them the rules loading
would fail because types would be missing.
rob
This
On 05/20/2010 07:54 PM, Rob Crittenden wrote:
Add the 'all' serviceCategory to the default allow_all HBAC rule and add
some standard services: ftp, login, sshd, su, sudo.
rob
ack.
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 05/21/2010 11:35 PM, Rob Crittenden wrote:
Fix this test to work from source tree root
It would work if you ran the test from its location in tests/test_ipalib
but this isn't the most common method. If you want to run it individually
you can do:
$ ./make-test tests/test_ipalib/test_text.py
On 05/26/2010 03:50 PM, Rob Crittenden wrote:
I moved these contents into an update so that each entry could get its
own UUID. The templater for ldif files is a little less robust and can
only assign a single UUID per file. If this is ever an issue we can
address it then butit isn't a problem
On 05/21/2010 10:30 PM, Rob Crittenden wrote:
Add the ipqUniqueID object to HBAC services and make sure that they get
the memberOf attribute if they are members of service groups.
rob
ack.
Pavel
___
Freeipa-devel mailing list
Pavel Zuna wrote:
On 05/19/2010 07:28 PM, Rob Crittenden wrote:
Include -clone_uri argument to pkisilent setting the clone URI.
This makes creating a clone from a clone work as expected.
Note that this depends on some fixes in the pki-ca, pki-common and
pki-silent packages. I tested this
Pavel Zuna wrote:
On 05/20/2010 07:54 PM, Rob Crittenden wrote:
Add the 'all' serviceCategory to the default allow_all HBAC rule and add
some standard services: ftp, login, sshd, su, sudo.
rob
ack.
Pavel
pushed to master. I'm going to submit a separate patch for su-l as
requested by
Sumit Bose wrote:
On Wed, May 26, 2010 at 09:51:21AM -0400, Rob Crittenden wrote:
Sumit Bose wrote:
On Fri, May 21, 2010 at 04:30:12PM -0400, Rob Crittenden wrote:
Add the ipqUniqueID object to HBAC services and make sure that they
get the memberOf attribute if they are members of service
Add another default hbac service, su-l.
rob
freeipa-454-hbac.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Stephen Gallagher wrote:
On 05/26/2010 03:24 PM, Rob Crittenden wrote:
Replica preparation and installation is not working in F-13 because of
gpg2. It now requires the --batch argument when using the --passphrase*
options.
This patch is for ipa-1.2.2 but the same principal applies to master as
On 05/27/2010 10:59 AM, Rob Crittenden wrote:
Add another default hbac service, su-l.
rob
Ack
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
For v2 upgrades we want the LDAP server to be quiet so we will shut it
down, disable its TCP listeners and bring it back up to update over
ldapi. This also enables autobind so we can bind as root and perform
operations as Directory Manager and not require a password.
To use this mode run
If a host is already enrolled (either as a client or a former replica)
then ipa-replica-install will fail spectacularly with an error about a
missing keytab. This is because some entries already exist and it
totally confuses things. We need to start this host from scratch, so
catch this
ipa-replica-manage can use the current kerberos credentials for some
commands now. To make it a bit nicer to use fall back to prompt for the
DM password if there are no credentials. I've found it handy to have
this in development.
I also fix up the errors when deleting a replica too (my test
16 matches
Mail list logo