On Thu, Sep 30, 2010 at 12:06:01AM -0400, Dmitri Pal wrote:
JR Aquino wrote:
I have encountered and troubleshot several instances recently where a user
was present in more than 1 sudo rule. One that permitted the user, the
host, and commands, and another that permited the user, and host,
On 09/29/2010 11:07 PM, Endi Sukma Dewata wrote:
- Adam Youngayo...@redhat.com wrote:
Should have remembered this approach, standard JS way to deal with
undefined values.
admiyo-freeipa-0048-3-Item-Level-Undo.patch
A few notes:
1. You're replying to the wrong thread :)
On 09/30/2010 09:18 AM, Adam Young wrote:
On 09/29/2010 11:07 PM, Endi Sukma Dewata wrote:
- Adam Youngayo...@redhat.com wrote:
Should have remembered this approach, standard JS way to deal with
undefined values.
admiyo-freeipa-0048-3-Item-Level-Undo.patch
A few notes:
1. You're
On 09/30/2010 09:20 AM, Adam Young wrote:
On 09/30/2010 09:18 AM, Adam Young wrote:
On 09/29/2010 11:07 PM, Endi Sukma Dewata wrote:
- Adam Youngayo...@redhat.com wrote:
Should have remembered this approach, standard JS way to deal with
undefined values.
Todd was able to confirm this for me...
On Sep 29, 2010, at 9:06 PM, Dmitri Pal wrote:
I was aware of this writeup however I did not read it as there is a
problem when there are multiple rules with negation. It actually nowhere
says how SUDO handles multiple rules if they are mutually exclusive.
On Sep 30, 2010, at 6:17 AM,
freeipa-devel-requ...@redhat.commailto:freeipa-devel-requ...@redhat.com
freeipa-devel-requ...@redhat.commailto:freeipa-devel-requ...@redhat.com
wrote:
I think this behaviour is a contradiction to 'paranoid behavior'. I
think that instead of
'If there are
On Sep 30, 2010, at 6:17 AM,
freeipa-devel-requ...@redhat.commailto:freeipa-devel-requ...@redhat.com
freeipa-devel-requ...@redhat.commailto:freeipa-devel-requ...@redhat.com
wrote:
I think this behaviour is a contradiction to 'paranoid behavior'. I
think that instead of
'If there are
On Sep 30, 2010, at 9:37 AM, Sumit Bose wrote:
I agree, I only made the suggestion about the IPA server, because I
think that this feature is a bug in the current sudo code base, an
annoying bug at best and a serious security issue at worst.
It is both a bug and a security concern... one that
btw. I cannot reproduce your issue where a command is denied where only
user and host is matching, can you give an example where this is
happening? Thanks
I retract my previous statement and stand corrected:
I have run a test and verified on Redhat Enterprise 5.5 that Sudo is behaving
as we
Added in params for phone number types: mobile, pager, fax, phone
From 46766fb7d44e5586ce05334756ae4b3a2212daab Mon Sep 17 00:00:00 2001
From: Adam Young ayo...@redhat.com
Date: Thu, 30 Sep 2010 13:58:01 -0400
Subject: [PATCH] phonenumbers
Added in params for phone number types: phone, fax,
Quote passwords before sending them to pkisilent. This lets you use
characters in the password the shell would otherwise interpret.
rob
freeipa-553-quote.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 09/30/2010 02:54 PM, Rob Crittenden wrote:
Quote passwords before sending them to pkisilent. This lets you use
characters in the password the shell would otherwise interpret.
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
Hi,
Please review the attached patch. Thanks!
The navigation.js has been modified to make it more abstract, i.e.
unaware of entity facets. The nav_update_tabs() has been modified
such that it activates and updates the tabs based on the current
state stored in the URL.
The facets are now handled
Don't override takes_options in user_find.
I pushed this under the 1-liner rule.
rob
user_find.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Fix failing test case for LDAP client test. This should bring our pass
rate back up to 100%.
rob
freeipa-554-test.patch
Description: application/mbox
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
How do we adjust FreeIPA such that it ensures Deny-IPASudoRules precede any
Allow-IPASudoRules ?
So it looks like current schema would not fly well with SUDO due to SUDO
bug/feature. SUDO will match just any first rule that satisfies the
user-hpost-command combination but we can't
Pushed under the one line rule
From 4f2d2fda93b1a118869579efa70d800a28b97a8b Mon Sep 17 00:00:00 2001
From: Adam Young ayo...@redhat.com
Date: Thu, 30 Sep 2010 19:08:45 -0400
Subject: [PATCH] telephone
Typo in attribute name.
---
install/static/user.js |2 +-
1 files changed, 1
On 09/30/2010 05:51 PM, Rob Crittenden wrote:
Fix failing test case for LDAP client test. This should bring our pass
rate back up to 100%.
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
18 matches
Mail list logo