[Freeipa-devel] [PATCH] Use radio buttons for HBAC rule type

2010-11-18 Thread Endi Sukma Dewata
Hi, Please review the attached patch. Thanks! To be consistent with the details page, the rule type in the HBAC add dialog box has been converted into radio buttons. -- Endi S. Dewata From 21545c3e7f8312e83e5398d3244ae9260d39fe54 Mon Sep 17 00:00:00 2001 From: Endi S. Dewata Date: Thu, 18 Nov

[Freeipa-devel] [PATCH] Sample data for service provisioning

2010-11-18 Thread Endi Sukma Dewata
Hi, Please review the attached patch. Thanks! -- Endi S. Dewata From a7e17a5eafdd3b7d206ffcdd41ddfec4c6a57c45 Mon Sep 17 00:00:00 2001 From: Endi S. Dewata Date: Thu, 18 Nov 2010 23:33:51 -0600 Subject: [PATCH] Sample data for service provisioning --- install/static/test/data/service_show.jso

[Freeipa-devel] [PATCH] Host Enrollment via OTP

2010-11-18 Thread Endi Sukma Dewata
Hi, Please review the attached patch. Thanks! The support for host enrollment via one-time-password has been added. When submitted, the OTP will be used to set the host's userpassword. Previously each IPA command can only have one JSON test data file. The ipa_cmd() has been modified to accept an

Re: [Freeipa-devel] [PATCH] 607 add managedby to hosts

2010-11-18 Thread Rob Crittenden
Adam Young wrote: On 11/18/2010 05:05 PM, Rob Crittenden wrote: Rob Crittenden wrote: Simo Sorce wrote: On Tue, 09 Nov 2010 14:00:00 -0500 Rob Crittenden wrote: + + Add a host that can manage this host's keytab and certificate: + ipa host-add-host --hosts=test2 test """ I do not want to n

Re: [Freeipa-devel] [PATCH] 608 Fix returning effective rights for password policy

2010-11-18 Thread Rob Crittenden
Adam Young wrote: On 11/18/2010 11:22 AM, Rob Crittenden wrote: Password policy needs to update the class of service priority in another entry. Include the CoS attribute when reporting rights. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.

Re: [Freeipa-devel] admiyo-0096-add-button

2010-11-18 Thread Endi Sukma Dewata
On 11/17/2010 8:15 PM, Adam Young wrote: https://fedorahosted.org/freeipa/ticket/471 ACK and pushed to master. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] admiyo-0095-removed-index.

2010-11-18 Thread Endi Sukma Dewata
On 11/18/2010 7:13 PM, Adam Young wrote: ACK and pushed to master. -- Endi S. Dewata

Re: [Freeipa-devel] [PATCH] 607 add managedby to hosts

2010-11-18 Thread Adam Young
On 11/18/2010 05:05 PM, Rob Crittenden wrote: Rob Crittenden wrote: Simo Sorce wrote: On Tue, 09 Nov 2010 14:00:00 -0500 Rob Crittenden wrote: + + Add a host that can manage this host's keytab and certificate: + ipa host-add-host --hosts=test2 test """ I do not want to nack, but looking at

Re: [Freeipa-devel] [PATCH] 0018 filter lockout attributes from replication

2010-11-18 Thread Adam Young
On 11/17/2010 04:27 PM, Simo Sorce wrote: Fixes #440 Simo. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK and pushed to master ___

Re: [Freeipa-devel] [PATCH] 0016 Tune directory server

2010-11-18 Thread Adam Young
On 11/17/2010 04:26 PM, Simo Sorce wrote: On Tue, 16 Nov 2010 14:09:58 -0500 Simo Sorce wrote: This patch bumps up the default number of files allowed by default for directory server. This allows more clients and also reserves a bigger number of FDs (at least according to doc) for replicat

Re: [Freeipa-devel] [PATCH] 608 Fix returning effective rights for password policy

2010-11-18 Thread Adam Young
On 11/18/2010 11:22 AM, Rob Crittenden wrote: Password policy needs to update the class of service priority in another entry. Include the CoS attribute when reporting rights. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.re

Re: [Freeipa-devel] admiyo-0098-env-init

2010-11-18 Thread Endi Sukma Dewata
On 11/18/2010 4:08 PM, Adam Young wrote: Example: to find the cert server used, you would do: IPA.env.ra_plugin ACK and pushed to master. -- Endi S. Dewata

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-18 Thread Dmitri Pal
Adam Young wrote: > On 11/18/2010 05:27 PM, Dmitri Pal wrote: >> Adam Young wrote: >> >>> On 11/18/2010 04:02 PM, Stephen Gallagher wrote: >>> On 11/18/2010 09:55 AM, Dmitri Pal wrote: >>> >>> >> Steve can you summarize where we are and what we agreed to, >> >>> please,

Re: [Freeipa-devel] Where we are with SUDO?

2010-11-18 Thread Dmitri Pal
JR Aquino wrote: > On 11/18/10 8:16 AM, "Nalin Dahyabhai" wrote: > >> >> >>> ToDo's: >>> >>> * Get sudo compat to translate usergroup/posix group's such that it can >>> prepend a %groupname <- notice that it is not fully qualified dn. >>> >> If memberUser can point to either a user

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-18 Thread Adam Young
On 11/18/2010 05:27 PM, Dmitri Pal wrote: Adam Young wrote: On 11/18/2010 04:02 PM, Stephen Gallagher wrote: On 11/18/2010 09:55 AM, Dmitri Pal wrote: Steve can you summarize where we are and what we agreed to, please, and identify the questions that we need to an

Re: [Freeipa-devel] [PATCH] 593 fix group objectclasses on detach

2010-11-18 Thread Rob Crittenden
Rob Crittenden wrote: Jakub Hrozek wrote: On Mon, Nov 01, 2010 at 12:08:36PM -0400, Rob Crittenden wrote: Make sure a detached group has the default list of objectclasses. ipaUniqueId is handled by the new uuid plugin. https://fedorahosted.org/freeipa/ticket/250 rob I haven't fully tested t

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-18 Thread Dmitri Pal
Adam Young wrote: > On 11/18/2010 04:02 PM, Stephen Gallagher wrote: > On 11/18/2010 09:55 AM, Dmitri Pal wrote: > > >>> Steve can you summarize where we are and what we agreed to, > please, and > >>> identify the questions that we need to answer. > >>> > > Simo, Adam and I had a long discus

[Freeipa-devel] [PATCH] admiyo-0098-env-init

2010-11-18 Thread Adam Young
From 80b651cdf18270d778c141af1fdcb1d86dccd250 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Thu, 18 Nov 2010 16:48:23 -0500 Subject: [PATCH] env init call the json rpc 'env' during ipa init and cache the result --- install/static/ipa.js |6 ++- install/static/test/data/bat

Re: [Freeipa-devel] [PATCH] admiyo-0092-action-select

2010-11-18 Thread Adam Young
On 11/17/2010 01:37 PM, Adam Young wrote: ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACKed and pushed to master by edewata ___ Freeipa-deve

[Freeipa-devel] admiyo-0098-env-init

2010-11-18 Thread Adam Young
Example: to find the cert server used, you would do: IPA.env.ra_plugin From 61aaef3542c5f4db0674ffcd591425902ace7367 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Thu, 18 Nov 2010 16:48:23 -0500 Subject: [PATCH] env init call the json rpc 'env' during ipa init and cache the result --- inst

Re: [Freeipa-devel] [PATCH] 607 add managedby to hosts

2010-11-18 Thread Rob Crittenden
Rob Crittenden wrote: Simo Sorce wrote: On Tue, 09 Nov 2010 14:00:00 -0500 Rob Crittenden wrote: + + Add a host that can manage this host's keytab and certificate: + ipa host-add-host --hosts=test2 test """ I do not want to nack, but looking at this command in isolation I am quite confused

Re: [Freeipa-devel] [PATCH] 604 revoke certs when disabling and deleting hosts

2010-11-18 Thread Rob Crittenden
Simo Sorce wrote: On Fri, 05 Nov 2010 15:20:27 -0400 Rob Crittenden wrote: When a host is deleted we revoke its certificate, if any. When a host keytab is disabled we disable all the keytabs and revoke the certificates of its services. I've also tried to make it more universal to display cer

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-18 Thread Adam Young
On 11/18/2010 04:02 PM, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/18/2010 09:55 AM, Dmitri Pal wrote: Steve can you summarize where we are and what we agreed to, please, and identify the questions that we need to answer. Simo, Adam and I had a long

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-18 Thread Stephen Gallagher
On 11/18/2010 09:55 AM, Dmitri Pal wrote: > Steve can you summarize where we are and what we agreed to, please, and > identify the questions that we need to answer. Simo, Adam and I had a long discussion on IRC regarding the time rules today (complet

Re: [Freeipa-devel] [PATCH] admiyo-0082-more-css-cleanup

2010-11-18 Thread Adam Young
On 11/13/2010 09:02 PM, Adam Young wrote: ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACKed and pushed by edewata ___ Freeipa-devel mailing

Re: [Freeipa-devel] admiyo-0083-super-to-superior

2010-11-18 Thread Adam Young
On 11/13/2010 09:03 PM, Adam Young wrote: super is a keyword in Javascript. This removes a syntax error that shows up on some browsers. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel A

Re: [Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

2010-11-18 Thread Simo Sorce
On Thu, 18 Nov 2010 16:23:38 +0100 Jakub Hrozek wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 11/18/2010 02:24 PM, Simo Sorce wrote: > > On Thu, 18 Nov 2010 07:21:04 -0500 > > Stephen Gallagher wrote: > > > >> Doing the forward septets is easy (1*x..7*x), but the reverse > >>

Re: [Freeipa-devel] [PATCH] 0014 better version checking

2010-11-18 Thread Simo Sorce
On Thu, 18 Nov 2010 11:45:30 -0500 Rob Crittenden wrote: > Simo Sorce wrote: > > > > The pwpolicy plugin was basically hardcoded to version 1.8 instead > > of checking for >= 1.8 > > > > This patch uses distutils.version to fix that. > > > > Simo. > > ack pushed to master Simo. -- Simo Sorce

Re: [Freeipa-devel] [PATCHES] add (initial) anonymous pkinit support

2010-11-18 Thread Simo Sorce
On Thu, 18 Nov 2010 12:27:57 -0500 Rob Crittenden wrote: > Simo Sorce wrote: > > On Tue, 9 Nov 2010 15:12:25 -0500 > > Simo Sorce wrote: > > > >> On Mon, 8 Nov 2010 19:34:12 -0500 > >> Simo Sorce wrote: > >> > >>> Patch 0004: Add basic certification creation for selfsigned CA and > >>> KDC conf

Re: [Freeipa-devel] admiyo-0097-batch-init

2010-11-18 Thread Endi Sukma Dewata
On 11/17/2010 9:34 PM, Adam Young wrote: ACK and pushed to master. -- Endi S. Dewata

Re: [Freeipa-devel] [PATCH] 593 fix group objectclasses on detach

2010-11-18 Thread Rob Crittenden
Jakub Hrozek wrote: On Mon, Nov 01, 2010 at 12:08:36PM -0400, Rob Crittenden wrote: Make sure a detached group has the default list of objectclasses. ipaUniqueId is handled by the new uuid plugin. https://fedorahosted.org/freeipa/ticket/250 rob I haven't fully tested the patch yet, but this

Re: [Freeipa-devel] [PATCHES] add (initial) anonymous pkinit support

2010-11-18 Thread Rob Crittenden
Simo Sorce wrote: On Tue, 9 Nov 2010 15:12:25 -0500 Simo Sorce wrote: On Mon, 8 Nov 2010 19:34:12 -0500 Simo Sorce wrote: Patch 0004: Add basic certification creation for selfsigned CA and KDC configuration. openssl had to be used because the NSS tools cannot deal with the special subjectal

Re: [Freeipa-devel] [PATCH] 604 revoke certs when disabling and deleting hosts

2010-11-18 Thread Simo Sorce
On Fri, 05 Nov 2010 15:20:27 -0400 Rob Crittenden wrote: > When a host is deleted we revoke its certificate, if any. > > When a host keytab is disabled we disable all the keytabs and revoke > the certificates of its services. > > I've also tried to make it more universal to display certificate

[Freeipa-devel] WebUI status

2010-11-18 Thread Adam Young
To sum up where we are overall, and the dependencies. We have three Entities not yet implemented: Permissions (ACIs) - Spec'ed, but waiting on Backend implementation. SUDO - Not spec'ed, but we can get started based on the HBAC work. Joint effort between edewata and JR Aquino Automount --

Re: [Freeipa-devel] [PATCH] 0014 better version checking

2010-11-18 Thread Rob Crittenden
Simo Sorce wrote: The pwpolicy plugin was basically hardcoded to version 1.8 instead of checking for >= 1.8 This patch uses distutils.version to fix that. Simo. ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mail

[Freeipa-devel] Where we are with SUDO?

2010-11-18 Thread JR Aquino
On 11/18/10 8:16 AM, "Nalin Dahyabhai" wrote: > >> >> ToDo's: >> >> * Get sudo compat to translate usergroup/posix group's such that it can >> prepend a %groupname <- notice that it is not fully qualified dn. > >If memberUser can point to either a user or a group, and we read a >memberUser entr

[Freeipa-devel] [PATCH] 608 Fix returning effective rights for password policy

2010-11-18 Thread Rob Crittenden
Password policy needs to update the class of service priority in another entry. Include the CoS attribute when reporting rights. rob From 624ee8daeb26c420722d11e6f37af315e4922847 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 9 Nov 2010 16:05:54 -0500 Subject: [PATCH] Fix returning e

Re: [Freeipa-devel] [PATCHES] add (initial) anonymous pkinit support

2010-11-18 Thread Simo Sorce
On Tue, 9 Nov 2010 15:12:25 -0500 Simo Sorce wrote: > On Mon, 8 Nov 2010 19:34:12 -0500 > Simo Sorce wrote: > > > Patch 0004: Add basic certification creation for selfsigned CA and > > KDC configuration. openssl had to be used because the NSS tools > > cannot deal with the special subjectaltNam

Re: [Freeipa-devel] [PATCH] 593 fix group objectclasses on detach

2010-11-18 Thread Jakub Hrozek
On Mon, Nov 01, 2010 at 12:08:36PM -0400, Rob Crittenden wrote: > Make sure a detached group has the default list of objectclasses. > ipaUniqueId is handled by the new uuid plugin. > > https://fedorahosted.org/freeipa/ticket/250 > > rob I haven't fully tested the patch yet, but this caught my at

Re: [Freeipa-devel] [PATCH] Service and Host Provisioning

2010-11-18 Thread Adam Young
On 11/16/2010 11:52 PM, Endi Sukma Dewata wrote: Hi, Please review the attached patch. Thanks! https://fedorahosted.org/reviewboard/r/109/ The service and host details pages have been modified to display Kerberos key provisioning status and to provide a way to unprovision. The host enrollmen

Re: [Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

2010-11-18 Thread Jakub Hrozek
On 11/18/2010 02:24 PM, Simo Sorce wrote: > On Thu, 18 Nov 2010 07:21:04 -0500 > Stephen Gallagher wrote: > >> Doing the forward septets is easy (1*x..7*x), but the reverse septets >> are more complicated (since they would be (y-1*x..y-7*x), where y

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-18 Thread Dmitri Pal
Stephen Gallagher wrote: > On 11/18/2010 09:31 AM, Adam Young wrote: > > On 11/18/2010 07:09 AM, Stephen Gallagher wrote: > > On 11/17/2010 04:51 PM, Adam Young wrote: > > On 11/17/2010 04:31 PM, Simo Sorce wrote: > > > On Wed, 17 Nov 2010 16:07:24 -0500 > > Stephen Gallagher

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-18 Thread Stephen Gallagher
On 11/18/2010 09:31 AM, Adam Young wrote: > On 11/18/2010 07:09 AM, Stephen Gallagher wrote: > On 11/17/2010 04:51 PM, Adam Young wrote: > On 11/17/2010 04:31 PM, Simo Sorce wrote: > On Wed, 17 Nov 2010 16:07:24 -0500 > Stephe

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-18 Thread Adam Young
On 11/18/2010 07:09 AM, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/17/2010 04:51 PM, Adam Young wrote: On 11/17/2010 04:31 PM, Simo Sorce wrote: On Wed, 17 Nov 2010 16:07:24 -0500 Stephen Gallagher wrote: This will require two changes to

Re: [Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

2010-11-18 Thread Simo Sorce
On Thu, 18 Nov 2010 08:37:32 -0500 Dmitri Pal wrote: > Simo Sorce wrote: > > On Thu, 18 Nov 2010 07:21:04 -0500 > > Stephen Gallagher wrote: > > > > > >> Doing the forward septets is easy (1*x..7*x), but the reverse > >> septets are more complicated (since they would be (y-1*x..y-7*x), > >> w

Re: [Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

2010-11-18 Thread Simo Sorce
On Thu, 18 Nov 2010 08:29:55 -0500 Dmitri Pal wrote: > Endi Sukma Dewata wrote: > > On 11/17/2010 3:21 PM, Dmitri Pal wrote: > >>> In a related note, we also discussed how to handle describing > >>> activity windows that cross the midnight boundary. It's my > >>> recommendation that we > >>> shou

Re: [Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

2010-11-18 Thread Dmitri Pal
Simo Sorce wrote: > On Thu, 18 Nov 2010 07:21:04 -0500 > Stephen Gallagher wrote: > > >> Doing the forward septets is easy (1*x..7*x), but the reverse septets >> are more complicated (since they would be (y-1*x..y-7*x), where y is >> the total number of days in the month (which also has to acco

Re: [Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

2010-11-18 Thread Dmitri Pal
Endi Sukma Dewata wrote: > On 11/17/2010 3:21 PM, Dmitri Pal wrote: >>> In a related note, we also discussed how to handle describing activity >>> windows that cross the midnight boundary. It's my recommendation >>> that we >>> should handle examples like the following by breaking them into two >>>

[Freeipa-devel] admiyo-0096-add-button

2010-11-18 Thread Adam Young
https://fedorahosted.org/freeipa/ticket/471 From 16a64eaabe4041a63ccfb2473b1c75c9dbe0a3e0 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Wed, 17 Nov 2010 21:12:55 -0500 Subject: [PATCH] add button the spec had three add buttons: this one is the basic, 'add and then close' https://fedorahosted

Re: [Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

2010-11-18 Thread Simo Sorce
On Thu, 18 Nov 2010 07:21:04 -0500 Stephen Gallagher wrote: > Doing the forward septets is easy (1*x..7*x), but the reverse septets > are more complicated (since they would be (y-1*x..y-7*x), where y is > the total number of days in the month (which also has to account for > leap years). > > I t

Re: [Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

2010-11-18 Thread Stephen Gallagher
On 11/17/2010 04:48 PM, Sumit Bose wrote: > On Wed, Nov 17, 2010 at 04:07:24PM -0500, Stephen Gallagher wrote: > After extended discussion, Simo, Ben and I discussed replacing this > week-of-the-month concept with a septet-of-the-month concept instead.

Re: [Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

2010-11-18 Thread Stephen Gallagher
On 11/17/2010 06:37 PM, Endi Sukma Dewata wrote: > On 11/17/2010 5:24 PM, Endi Sukma Dewata wrote: >> Will the user need to be aware of this issue? In other words, will the >> UI enforce the user to split a schedule that crosses midnight manually? >> >

Re: [Freeipa-devel] Proposed changes to the HBAC grammar

2010-11-18 Thread Stephen Gallagher
On 11/17/2010 04:51 PM, Adam Young wrote: > On 11/17/2010 04:31 PM, Simo Sorce wrote: >> On Wed, 17 Nov 2010 16:07:24 -0500 >> Stephen Gallagher wrote: >> >> >>> This will require two changes to the HBAC schema. First of all, we >>> plan to drop th