URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
redhatrises commented:
"""
@HonzaCholasta used `datetime.utcnow()` as I couldn't find a reference for
`datetime.utctime()`
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/672
Author: sumit-bose
Title: #672: IPA-KDB: use relative path in ipa-certmap config snippet
Action: opened
PR body:
"""
Architecture specific paths should be avoided in the global Kerberos
configuration because it is read e.g. by 32bit and 64bit
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
HonzaCholasta commented:
"""
@redhatrises, `datetime.utcnow()` is what I meant.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/666
Title: #666: Fix anonymous principal handling in replica install
stlaz commented:
"""
I actually did the review of https://github.com/freeipa/freeipa/pull/631
alongside this.
I do not think the order of adding the anonymous principal and setting
Hello all,
I have an IPA setup with AD and DNS resides on AD and am having issues
authenticating with my clients.
Getting the Following error on my Clients:
(Wed Mar 29 09:22:33 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send]
(0x0100): Executing sasl bind mech: GSSAPI, user:
URL: https://github.com/freeipa/freeipa/pull/631
Title: #631: Upgrade: configure PKINIT after adding anonymous principal
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/621
Author: redhatrises
Title: #621: Add --password-expiration to allow an admin to force a password
change
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
HonzaCholasta commented:
"""
The `admin` user is not allowed to write to the attribute:
```
$ kinit admin
Password for ad...@abc.idm.lab.eng.brq.redhat.com:
$
URL: https://github.com/freeipa/freeipa/pull/666
Title: #666: Fix anonymous principal handling in replica install
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
redhatrises commented:
"""
> @redhatrises, datetime.utcnow() is what I meant.
Oh good. Ready for your review.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/629
Author: abbra
Title: #629: adtrust: make sure that runtime hostname result is consistent
with the configuration
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
redhatrises commented:
"""
@HonzaCholasta updated "Admins can write passwords" ACI to contain
'krbPasswordExpiration' as the "Admin can manage any entry" ACI
URL: https://github.com/freeipa/freeipa/pull/673
Author: tjaalton
Title: #673: Conf template
Action: opened
PR body:
"""
Move conf templates to a common location, make ipa.conf and named.conf portable.
"""
To pull the PR as Git branch:
git remote add ghfreeipa
URL: https://github.com/freeipa/freeipa/pull/675
Author: MartinBasti
Title: #675: [WIP] Fix PKCS11 helper
Action: opened
PR body:
"""
Slots in HSM are not assigned statically, we have to chose proper
slot from token label.
Softhsm i2.2.0 changed this behavior and now slots can change over
URL: https://github.com/freeipa/freeipa/pull/674
Author: tiran
Title: #674: Replace hard-coded kdcproxy path with WSGI script
Action: opened
PR body:
"""
mod_wsgi has no way to import a WSGI module by dotted module name. A new
kdcproxy.wsgi script is used to import kdcproxy from whatever
On ke, 29 maalis 2017, Bradley Bishop wrote:
Hello all,
I have an IPA setup with AD and DNS resides on AD and am having issues
authenticating with my clients.
Getting the Following error on my Clients:
(Wed Mar 29 09:22:33 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send]
(0x0100): Executing
URL: https://github.com/freeipa/freeipa/pull/675
Author: MartinBasti
Title: #675: [WIP] Fix PKCS11 helper
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/675/head:pr675
git checkout pr675
From
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/12
Title: #12: README.md: fix markdown formatting
MartinBasti commented:
"""
ACK
"""
See the full comment at
https://github.com/freeipa/bind-dyndb-ldap/pull/12#issuecomment-290162668
--
Manage your subscription for the Freeipa-devel
URL: https://github.com/freeipa/freeipa/pull/636
Title: #636: [Py3] Fix ipatests.util doc tests
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/629
Author: abbra
Title: #629: adtrust: make sure that runtime hostname result is consistent
with the configuration
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa
URL: https://github.com/freeipa/freeipa/pull/621
Author: redhatrises
Title: #621: Add --password-expiration to allow an admin to force a password
change
Action: edited
Changed field: title
Original value:
"""
Add --force-password-reset to user_mod in user.py
"""
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/629
Title: #629: adtrust: make sure that runtime hostname result is consistent with
the configuration
abbra commented:
"""
Removed backslashes and also moved the check to be the first step when creating
an instance.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/490
Title: #490: certdb: use certutil and match_hostname for cert verification
tiran commented:
"""
Your PR is going to remove the last import from python-nss. Awesome!
Please remove the requirement from ```ipapython/setup.py``` and
URL: https://github.com/freeipa/freeipa/pull/621
Author: redhatrises
Title: #621: Add --force-password-reset to user_mod in user.py
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/621/head:pr621
git
URL: https://github.com/freeipa/freeipa/pull/621
Author: redhatrises
Title: #621: Add --password-expiration to allow an admin to force a password
change
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa
URL: https://github.com/freeipa/freeipa/pull/480
Title: #480: Hide request_type doc string in cert-request help
Akasurde commented:
"""
Bump for review.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/480#issuecomment-290289355
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/640
Author: stlaz
Title: #640: Remove pkinit options from master/replica on DL0
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/640/head:pr640
git checkout
URL: https://github.com/freeipa/freeipa/pull/640
Author: stlaz
Title: #640: Remove pkinit options from master/replica on DL0
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/640/head:pr640
git checkout
URL: https://github.com/freeipa/freeipa/pull/668
Author: HonzaCholasta
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/668/head:pr668
git
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
tomaskrizek commented:
"""
master:
* 67e5244cad72bef76de1c4df47a0c77a672fa861 server: make sure we test for
sss_nss_getlistbycert
ipa-4-5:
*
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/11
Title: #11: Coverity: fix REVERSE_INULL for pevent->inst
tomaskrizek commented:
"""
@pemensik Hi, could you take a quick look at this change?
I ran coverity and the issues were fixed.
It might also be possible to remove the REQUIRE, but
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
tomaskrizek commented:
"""
Do we also need to bump the version in `PKG_CHECK_MODULES` in `server.m4:31`?
```
PKG_CHECK_MODULES([SSSNSSIDMAP], [sss_nss_idmap >= 1.15.2])
```
"""
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
abbra commented:
"""
No, It will make downstream harder because RHEL downstream will only have
1.15.2 with patches on top of that version.
I have a pull request coming that
URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
Title: #593: Add make patchcheck for developers
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/593/head:pr593
git checkout pr593
From
URL: https://github.com/freeipa/freeipa/pull/669
Author: abbra
Title: #669: server: make sure we test for sss_nss_getlistbycert
Action: opened
PR body:
"""
Fixes https://pagure.io/freeipa/issue/6828
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
tiran commented:
"""
AC_CHECK_LIB only checks for functions in libs. Compilation may still fail if
header files and library are not in sync. IMHO we don't have to care about this
URL: https://github.com/freeipa/freeipa/pull/658
Title: #658: Hide PKI Client database password in log file
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
tomaskrizek commented:
"""
We still want to merge this PR to take care of the upstream BuildRequires
though, right?
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
tomaskrizek commented:
"""
Works as expected.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/669#issuecomment-290019629
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
HonzaCholasta commented:
"""
Changed ticket link to https://pagure.io/freeipa/issue/6828.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/669
Author: abbra
Title: #669: server: make sure we test for sss_nss_getlistbycert
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/669/head:pr669
git checkout pr669
URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0
stlaz commented:
"""
@MartinBasti Even though this commit basically breaks the behavior, it's not in
its scope to fix it, it's somehow intended to break it, actually. It will be
URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0
stlaz commented:
"""
@MartinBasti Even though this commit basically breaks the behavior, it's not in
its scope to fix it, it's somehow intended to break it, actually. It will be
URL: https://github.com/freeipa/freeipa/pull/668
Author: HonzaCholasta
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
Action: opened
PR body:
"""
Bump BuildRequires on libsss_nss_idmap-devel to the version which
introduces the sss_nss_getlistbycert function.
This fixes RPM
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
abbra commented:
"""
I submitted https://github.com/freeipa/freeipa/pull/669 for that
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/670
Author: tiran
Title: #670: [Py3] session storage parameters must be bytes
Action: opened
PR body:
"""
Fixes TypeError: bytes or integer address expected instead of str instance
Signed-off-by: Christian Heimes
"""
To pull
URL: https://github.com/freeipa/freeipa/pull/658
Title: #658: Hide PKI Client database password in log file
stlaz commented:
"""
Works well, thanks!
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/658#issuecomment-290014081
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
Title: #593: Add make patchcheck for developers
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/593/head:pr593
git checkout pr593
From
URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0
stlaz commented:
"""
Pushed a cleaner version of the previous changes, thanks @HonzaCholasta for the
suggestion.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
HonzaCholasta commented:
"""
Right.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/668#issuecomment-290015269
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
abbra commented:
"""
On the systems where pkg-config is available, positive result from pkg-config
check means headers are available because pkg-config files are part of
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
tomaskrizek commented:
"""
master:
* b18ee8b9dd3b1d0cfdc45373a7a56747e1f993a3 spec file: bump
libsss_nss_idmap-devel BuildRequires
ipa-4-5:
*
URL: https://github.com/freeipa/freeipa/pull/668
Author: HonzaCholasta
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/668/head:pr668
git
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/11
Author: tomaskrizek
Title: #11: Coverity: fix REVERSE_INULL for pevent->inst
Action: opened
PR body:
"""
With the DynDB API changes, the ldap instance is acquired
differently. Previously, obtaining the instance could fail when
LDAP was
URL: https://github.com/freeipa/freeipa/pull/490
Author: HonzaCholasta
Title: #490: certdb: use certutil and match_hostname for cert verification
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa
URL: https://github.com/freeipa/freeipa/pull/625
Title: #625: [RFC] remote plugins: add option to force compat plugins
HonzaCholasta commented:
"""
* With `force_client_compat=False`, the benefit is the client API matches the
remote server API, the drawback is `api.finalize()` does RPC calls
URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0
martbab commented:
"""
@MartinBasti WebUI not working in DL0/--no-pkinit is beyond the scope of this
PR. I am working on fixing that in a separate PR.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/625
Title: #625: [RFC] remote plugins: add option to force compat plugins
tiran commented:
"""
I don't understand the implications of this change and the new flag:
* What are the benefits and drawbacks of ```force_client_compat=False```?
* What are
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/12
Author: tomaskrizek
Title: #12: README.md: fix markdown formatting
Action: synchronized
To pull the PR as Git branch:
git remote add ghbind-dyndb-ldap https://github.com/freeipa/bind-dyndb-ldap
git fetch ghbind-dyndb-ldap
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/12
Author: tomaskrizek
Title: #12: README.md: fix markdown formatting
Action: opened
PR body:
"""
Fix some markdown formatting errors to properly render it on pagure.
"""
To pull the PR as Git branch:
git remote add ghbind-dyndb-ldap
URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
Title: #593: Add make patchcheck for developers
Action: edited
Changed field: body
Original value:
"""
Ticket 6604 makes pylint and jsl optional dependencies. The change
is controversal, because some developers prefer that
URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make patchcheck for developers
tiran commented:
"""
Depends on PRs #475, #587, #594
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/593#issuecomment-286665946
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/671
Author: tiran
Title: #671: [WIP] Slim down dependencies
Action: opened
PR body:
"""
* Remove unused install requires
* Correct dependencies for yubico otptoken
* Properly report optional dependency for yubico otptoken
* Make jinja2 an optional
URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make patchcheck for developers
tiran commented:
"""
All dependencies have been merged. PR is ready for review.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/593#issuecomment-287372325
--
Manage your
68 matches
Mail list logo