URL: https://github.com/freeipa/freeipa/pull/640
Author: stlaz
Title: #640: Remove pkinit options from master/replica on DL0
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/640/head:pr640
git checkout pr640
URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0
stlaz commented:
"""
@MartinBasti Even though this commit basically breaks the behavior, it's not in
its scope to fix it, it's somehow intended to break it, actually. It will be
fixed
URL: https://github.com/freeipa/freeipa/pull/668
Author: HonzaCholasta
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
Action: opened
PR body:
"""
Bump BuildRequires on libsss_nss_idmap-devel to the version which
introduces the sss_nss_getlistbycert function.
This fixes RPM
URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0
stlaz commented:
"""
@MartinBasti Even though this commit basically breaks the behavior, it's not in
its scope to fix it, it's somehow intended to break it, actually. It will be
fixed
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
tomaskrizek commented:
"""
Do we also need to bump the version in `PKG_CHECK_MODULES` in `server.m4:31`?
```
PKG_CHECK_MODULES([SSSNSSIDMAP], [sss_nss_idmap >= 1.15.2])
```
"""
Se
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
abbra commented:
"""
No, It will make downstream harder because RHEL downstream will only have
1.15.2 with patches on top of that version.
I have a pull request coming that actual
URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
Title: #593: Add make patchcheck for developers
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/593/head:pr593
git checkout pr593
From 7c1f30c
URL: https://github.com/freeipa/freeipa/pull/669
Author: abbra
Title: #669: server: make sure we test for sss_nss_getlistbycert
Action: opened
PR body:
"""
Fixes https://pagure.io/freeipa/issue/6828
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
abbra commented:
"""
I submitted https://github.com/freeipa/freeipa/pull/669 for that
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/668#issuecomment-29001025
URL: https://github.com/freeipa/freeipa/pull/670
Author: tiran
Title: #670: [Py3] session storage parameters must be bytes
Action: opened
PR body:
"""
Fixes TypeError: bytes or integer address expected instead of str instance
Signed-off-by: Christian Heimes
"""
To pull the PR as Git branch:
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
tiran commented:
"""
AC_CHECK_LIB only checks for functions in libs. Compilation may still fail if
header files and library are not in sync. IMHO we don't have to care about this
b
URL: https://github.com/freeipa/freeipa/pull/640
Author: stlaz
Title: #640: Remove pkinit options from master/replica on DL0
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/640/head:pr640
git checkout pr640
URL: https://github.com/freeipa/freeipa/pull/658
Title: #658: Hide PKI Client database password in log file
stlaz commented:
"""
Works well, thanks!
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/658#issuecomment-290014081
--
Manage your subscription for the Freeipa-devel
URL: https://github.com/freeipa/freeipa/pull/658
Title: #658: Hide PKI Client database password in log file
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contri
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
tomaskrizek commented:
"""
We still want to merge this PR to take care of the upstream BuildRequires
though, right?
"""
See the full comment at
https://github.com/freeipa/freeipa
URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
Title: #593: Add make patchcheck for developers
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/593/head:pr593
git checkout pr593
From 7c1f30c
URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0
stlaz commented:
"""
Pushed a cleaner version of the previous changes, thanks @HonzaCholasta for the
suggestion.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/6
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
HonzaCholasta commented:
"""
Right.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/668#issuecomment-290015269
--
Manage your subscription for the Freeipa-dev
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
abbra commented:
"""
On the systems where pkg-config is available, positive result from pkg-config
check means headers are available because pkg-config files are part of
developmen
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
tomaskrizek commented:
"""
Works as expected.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/669#issuecomment-290019629
--
Manage your subscription for the Fr
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
HonzaCholasta commented:
"""
Changed ticket link to https://pagure.io/freeipa/issue/6828.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/668#issuecomment-2900
URL: https://github.com/freeipa/freeipa/pull/668
Author: HonzaCholasta
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/668/head:pr668
git ch
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/p
URL: https://github.com/freeipa/freeipa/pull/668
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
tomaskrizek commented:
"""
master:
* b18ee8b9dd3b1d0cfdc45373a7a56747e1f993a3 spec file: bump
libsss_nss_idmap-devel BuildRequires
ipa-4-5:
* 127f7ce699677d8c689099eac350a54293a5
URL: https://github.com/freeipa/freeipa/pull/668
Author: HonzaCholasta
Title: #668: spec file: bump libsss_nss_idmap-devel BuildRequires
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/668/head:pr668
git checkout
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/pa
URL: https://github.com/freeipa/freeipa/pull/669
Author: abbra
Title: #669: server: make sure we test for sss_nss_getlistbycert
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/669/head:pr669
git checkout pr669
--
URL: https://github.com/freeipa/freeipa/pull/669
Title: #669: server: make sure we test for sss_nss_getlistbycert
tomaskrizek commented:
"""
master:
* 67e5244cad72bef76de1c4df47a0c77a672fa861 server: make sure we test for
sss_nss_getlistbycert
ipa-4-5:
* 8be6987da72dff0ebd4e02c946b45b5b1705d8
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/11
Author: tomaskrizek
Title: #11: Coverity: fix REVERSE_INULL for pevent->inst
Action: opened
PR body:
"""
With the DynDB API changes, the ldap instance is acquired
differently. Previously, obtaining the instance could fail when
LDAP was di
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/11
Title: #11: Coverity: fix REVERSE_INULL for pevent->inst
tomaskrizek commented:
"""
@pemensik Hi, could you take a quick look at this change?
I ran coverity and the issues were fixed.
It might also be possible to remove the REQUIRE, but s
URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make patchcheck for developers
tiran commented:
"""
All dependencies have been merged. PR is ready for review.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/593#issuecomment-287372325
--
Manage your subsc
URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
Title: #593: Add make patchcheck for developers
Action: edited
Changed field: body
Original value:
"""
Ticket 6604 makes pylint and jsl optional dependencies. The change
is controversal, because some developers prefer that pylint
URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make patchcheck for developers
tiran commented:
"""
Depends on PRs #475, #587, #594
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/593#issuecomment-286665946
--
Manage your subscription for the Freeipa-dev
URL: https://github.com/freeipa/freeipa/pull/671
Author: tiran
Title: #671: [WIP] Slim down dependencies
Action: opened
PR body:
"""
* Remove unused install requires
* Correct dependencies for yubico otptoken
* Properly report optional dependency for yubico otptoken
* Make jinja2 an optional d
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/12
Author: tomaskrizek
Title: #12: README.md: fix markdown formatting
Action: opened
PR body:
"""
Fix some markdown formatting errors to properly render it on pagure.
"""
To pull the PR as Git branch:
git remote add ghbind-dyndb-ldap https:
URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0
martbab commented:
"""
@MartinBasti WebUI not working in DL0/--no-pkinit is beyond the scope of this
PR. I am working on fixing that in a separate PR.
"""
See the full comment at
htt
URL: https://github.com/freeipa/freeipa/pull/625
Title: #625: [RFC] remote plugins: add option to force compat plugins
tiran commented:
"""
I don't understand the implications of this change and the new flag:
* What are the benefits and drawbacks of ```force_client_compat=False```?
* What are t
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/12
Author: tomaskrizek
Title: #12: README.md: fix markdown formatting
Action: synchronized
To pull the PR as Git branch:
git remote add ghbind-dyndb-ldap https://github.com/freeipa/bind-dyndb-ldap
git fetch ghbind-dyndb-ldap pull/12/head:pr1
URL: https://github.com/freeipa/freeipa/pull/625
Title: #625: [RFC] remote plugins: add option to force compat plugins
HonzaCholasta commented:
"""
* With `force_client_compat=False`, the benefit is the client API matches the
remote server API, the drawback is `api.finalize()` does RPC calls an
URL: https://github.com/freeipa/freeipa/pull/621
Author: redhatrises
Title: #621: Add --force-password-reset to user_mod in user.py
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/621/head:pr621
git checkou
URL: https://github.com/freeipa/freeipa/pull/629
Author: abbra
Title: #629: adtrust: make sure that runtime hostname result is consistent
with the configuration
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa p
URL: https://github.com/freeipa/freeipa/pull/621
Author: redhatrises
Title: #621: Add --password-expiration to allow an admin to force a password
change
Action: edited
Changed field: title
Original value:
"""
Add --force-password-reset to user_mod in user.py
"""
--
Manage your subscription
URL: https://github.com/freeipa/freeipa/pull/629
Title: #629: adtrust: make sure that runtime hostname result is consistent with
the configuration
abbra commented:
"""
Removed backslashes and also moved the check to be the first step when creating
an instance.
"""
See the full comment at
htt
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
redhatrises commented:
"""
@HonzaCholasta used `datetime.utcnow()` as I couldn't find a reference for
`datetime.utctime()`
"""
See the full comment at
https://
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
HonzaCholasta commented:
"""
@redhatrises, `datetime.utcnow()` is what I meant.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/621#issuecom
Hello all,
I have an IPA setup with AD and DNS resides on AD and am having issues
authenticating with my clients.
Getting the Following error on my Clients:
(Wed Mar 29 09:22:33 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send]
(0x0100): Executing sasl bind mech: GSSAPI, user: host/bradltest3.br
URL: https://github.com/freeipa/freeipa/pull/631
Title: #631: Upgrade: configure PKINIT after adding anonymous principal
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.or
URL: https://github.com/freeipa/freeipa/pull/666
Title: #666: Fix anonymous principal handling in replica install
stlaz commented:
"""
I actually did the review of https://github.com/freeipa/freeipa/pull/631
alongside this.
I do not think the order of adding the anonymous principal and setting
URL: https://github.com/freeipa/freeipa/pull/666
Title: #666: Fix anonymous principal handling in replica install
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
redhatrises commented:
"""
> @redhatrises, datetime.utcnow() is what I meant.
Oh good. Ready for your review.
"""
See the full comment at
https://github.com/fr
URL: https://github.com/freeipa/freeipa/pull/629
Author: abbra
Title: #629: adtrust: make sure that runtime hostname result is consistent
with the configuration
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa p
URL: https://github.com/freeipa/freeipa/pull/672
Author: sumit-bose
Title: #672: IPA-KDB: use relative path in ipa-certmap config snippet
Action: opened
PR body:
"""
Architecture specific paths should be avoided in the global Kerberos
configuration because it is read e.g. by 32bit and 64bit li
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
HonzaCholasta commented:
"""
The `admin` user is not allowed to write to the attribute:
```
$ kinit admin
Password for ad...@abc.idm.lab.eng.brq.redhat.com:
$ ip
URL: https://github.com/freeipa/freeipa/pull/621
Author: redhatrises
Title: #621: Add --password-expiration to allow an admin to force a password
change
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/621/
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
redhatrises commented:
"""
@HonzaCholasta updated "Admins can write passwords" ACI to contain
'krbPasswordExpiration' as the "Admin can manage any entry" ACI alr
URL: https://github.com/freeipa/freeipa/pull/673
Author: tjaalton
Title: #673: Conf template
Action: opened
PR body:
"""
Move conf templates to a common location, make ipa.conf and named.conf portable.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freei
URL: https://github.com/freeipa/freeipa/pull/674
Author: tiran
Title: #674: Replace hard-coded kdcproxy path with WSGI script
Action: opened
PR body:
"""
mod_wsgi has no way to import a WSGI module by dotted module name. A new
kdcproxy.wsgi script is used to import kdcproxy from whatever Pytho
On ke, 29 maalis 2017, Bradley Bishop wrote:
Hello all,
I have an IPA setup with AD and DNS resides on AD and am having issues
authenticating with my clients.
Getting the Following error on my Clients:
(Wed Mar 29 09:22:33 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send]
(0x0100): Executing s
URL: https://github.com/freeipa/freeipa/pull/675
Author: MartinBasti
Title: #675: [WIP] Fix PKCS11 helper
Action: opened
PR body:
"""
Slots in HSM are not assigned statically, we have to chose proper
slot from token label.
Softhsm i2.2.0 changed this behavior and now slots can change over
tim
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/12
Title: #12: README.md: fix markdown formatting
MartinBasti commented:
"""
ACK
"""
See the full comment at
https://github.com/freeipa/bind-dyndb-ldap/pull/12#issuecomment-290162668
--
Manage your subscription for the Freeipa-devel mailing
URL: https://github.com/freeipa/freeipa/pull/675
Author: MartinBasti
Title: #675: [WIP] Fix PKCS11 helper
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/675/head:pr675
git checkout pr675
From 49724f4c5e85f
URL: https://github.com/freeipa/freeipa/pull/636
Title: #636: [Py3] Fix ipatests.util doc tests
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/490
Title: #490: certdb: use certutil and match_hostname for cert verification
tiran commented:
"""
Your PR is going to remove the last import from python-nss. Awesome!
Please remove the requirement from ```ipapython/setup.py``` and
```freeipa.spec.
URL: https://github.com/freeipa/freeipa/pull/621
Author: redhatrises
Title: #621: Add --password-expiration to allow an admin to force a password
change
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/621/
URL: https://github.com/freeipa/freeipa/pull/480
Title: #480: Hide request_type doc string in cert-request help
Akasurde commented:
"""
Bump for review.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/480#issuecomment-290289355
--
Manage your subscription for the Freeipa-d
URL: https://github.com/freeipa/freeipa/pull/672
Title: #672: IPA-KDB: use relative path in ipa-certmap config snippet
tiran commented:
"""
LGTM
For the recording: according to
https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html#plugins
the plugin directive uses ```plug
URL: https://github.com/freeipa/freeipa/pull/672
Title: #672: IPA-KDB: use relative path in ipa-certmap config snippet
abbra commented:
"""
> @sumit-bose What happens when the shared library is missing? Does 32bit kinit
> fail or work on a X86_64 system when 32bit ipadb.so is missing?
It is no
69 matches
Mail list logo