Re: [Freeipa-devel] [PATCH] 998 certmonger restarts services on renewal

2012-04-02 Thread Rob Crittenden
Rob Crittenden wrote: Martin Kosek wrote: On Tue, 2012-03-27 at 17:40 -0400, Rob Crittenden wrote: Certmonger will currently automatically renew server certificates but doesn't restart the services so you can still end up with expired certificates if your services never restart. This patch regi

Re: [Freeipa-devel] [PATCH] 993 disable UPG for migration

2012-04-02 Thread Rob Crittenden
Martin Kosek wrote: On Fri, 2012-03-30 at 09:05 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2012-03-29 at 11:27 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Wed, 2012-03-28 at 17:28 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2012-03-22 at 15:21 -0400, Rob C

Re: [Freeipa-devel] [PATCH] 245 Forbid public access to DNS tree

2012-04-02 Thread Rob Crittenden
Martin Kosek wrote: Test instructions are attached to ticket. -- With a publicly accessible DNS tree in LDAP, anyone with access to the LDAP server can get all DNS data as with a zone transfer which is already restricted with ACL. Making DNS tree not readable to public is a common security pra

Re: [Freeipa-devel] [PATCH] (master) Support case-insensitive searches for principals during TGS request processing

2012-04-02 Thread Sumit Bose
On Thu, Mar 29, 2012 at 05:02:31PM -0400, Simo Sorce wrote: > On Thu, 2012-03-29 at 16:30 +0300, Alexander Bokovoy wrote: > > This is due to some krbtgt/realm@REALM searches performed in KDC > > without > > allowing for principal aliases and therefore no chance to our > > case-insensitive searches

[Freeipa-devel] [PATCH] 245 Forbid public access to DNS tree

2012-04-02 Thread Martin Kosek
Test instructions are attached to ticket. -- With a publicly accessible DNS tree in LDAP, anyone with access to the LDAP server can get all DNS data as with a zone transfer which is already restricted with ACL. Making DNS tree not readable to public is a common security practice and should be ap

Re: [Freeipa-devel] [PATCHES] 0025-26 Test improvements

2012-04-02 Thread Rob Crittenden
Petr Viktorin wrote: On 03/26/2012 10:44 PM, Rob Crittenden wrote: Petr Viktorin wrote: Patch 25 fixes errors I found by running pylint on the testsuite. They were in code that was unused, either by error or because it only runs on errors. Patch 26 adds a test for the batch plugin. In patch

Re: [Freeipa-devel] [PATCH] 998 certmonger restarts services on renewal

2012-04-02 Thread Nalin Dahyabhai
On Mon, Apr 02, 2012 at 03:47:20PM +0200, Martin Kosek wrote: > On Tue, 2012-03-27 at 17:40 -0400, Rob Crittenden wrote: > > Certmonger will currently automatically renew server certificates but > > doesn't restart the services so you can still end up with expired > > certificates if your services

Re: [Freeipa-devel] [PATCH] 998 certmonger restarts services on renewal

2012-04-02 Thread Rob Crittenden
Martin Kosek wrote: On Tue, 2012-03-27 at 17:40 -0400, Rob Crittenden wrote: Certmonger will currently automatically renew server certificates but doesn't restart the services so you can still end up with expired certificates if your services never restart. This patch registers a restart comma

Re: [Freeipa-devel] [PATCH] 349 Fixed boot.ldif permission.

2012-04-02 Thread Rob Crittenden
Endi Sukma Dewata wrote: The server installation failed on F17 due to permission problem. The /var/lib/dirsrv/boot.ldif was previously owned and only readable by root. It is now owned by DS user dirsrv. Ticket #2544 ACK, pushed to master rob

Re: [Freeipa-devel] [PATCH] 998 certmonger restarts services on renewal

2012-04-02 Thread Martin Kosek
On Tue, 2012-03-27 at 17:40 -0400, Rob Crittenden wrote: > Certmonger will currently automatically renew server certificates but > doesn't restart the services so you can still end up with expired > certificates if your services never restart. > > This patch registers a restart command with cer

Re: [Freeipa-devel] [PATCH] 0032 Move DNS test skipping to class setup

2012-04-02 Thread Rob Crittenden
Petr Viktorin wrote: On 03/29/2012 10:18 PM, Rob Crittenden wrote: Petr Viktorin wrote: Currently, each DNS test case first checks if DNS is configured by creating and deleting a test zone. This takes quite a lot of time. This patch moves the check to the setUpClass method, so the check is on

Re: [Freeipa-devel] [PATCH 69] Use indexed format specifiers in i18n strings

2012-04-02 Thread Rob Crittenden
John Dennis wrote: Translators need to reorder messages to suit the needs of the target language. The conventional positional format specifiers (e.g. %s %d) do not permit reordering because their order is tied to the ordering of the arguments to the printf function. The fix is to use indexed form

Re: [Freeipa-devel] [PATCH] 1000 fix upgrade crash when updating replication agreements

2012-04-02 Thread Martin Kosek
On Fri, 2012-03-30 at 14:13 -0400, Rob Crittenden wrote: > We check existing agreements to see if they are missing memberof in the > EXCLUDE list. It would crash if this list wasn't present at all. > > So we need to catch this and add in the missing exclusions if they > aren't there at all. > >

Re: [Freeipa-devel] [PATCH] 993 disable UPG for migration

2012-04-02 Thread Martin Kosek
On Fri, 2012-03-30 at 09:05 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Thu, 2012-03-29 at 11:27 -0400, Rob Crittenden wrote: > >> Martin Kosek wrote: > >>> On Wed, 2012-03-28 at 17:28 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Thu, 2012-03-22 at 15:21 -0400, R