On 03/08/2013 12:38 AM, Nathaniel McCallum wrote:
I tried to push my branch of FreeIPA to github and it failed with the
following message. I don't know if anything can be done to fix it, but I
figured I'd mention it.
error: object 0b36ce6dcbfc8d7e6cda632e06a09c369428a2db:invalid
On 8.3.2013 00:14, Rob Crittenden wrote:
Martin Kosek wrote:
Remove obsolete BIND GSSAPI configuration options tkey-gssapi-credential
and tkey-domain and replace them with tkey-gssapi-keytab which avoids
unnecessary Kerberos checks on BIND startup and can cause issues when
KDC is not available.
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline
of how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
There is a bit of hand waving going on around how the
Hi,
On 7.3.2013 21:15, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of
how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
Can we have one multi-valued attribute which contains names of flags to
On 03/07/2013 06:32 PM, Sumit Bose wrote:
On Wed, Mar 06, 2013 at 05:33:43PM +0100, Sumit Bose wrote:
On Wed, Mar 06, 2013 at 08:51:47AM -0500, Simo Sorce wrote:
On Wed, 2013-03-06 at 14:49 +0100, Martin Kosek wrote:
On 03/06/2013 10:41 AM, Sumit Bose wrote:
On Tue, Mar 05, 2013 at
On Fri, Mar 08, 2013 at 10:31:58AM +0100, Jan Cholasta wrote:
Hi,
On 7.3.2013 21:15, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of
how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
Can we
On 03/05/2013 12:59 PM, Tomas Babej wrote:
Hi,
Any of the following checks:
- overlap between primary RID range and secondary RID range
- overlap between secondary RID range and secondary RID range
is performed now only if both of the ranges involved are local
domain ranges.
The way how unhashed password is stored in the entry was changed in
389-ds-base-1.3.0, it is now stored in an entry extension rather than
in a magic attribute unhashed#user#password. New API using an entry
extension was introduced. ipa-pwd-extop should take advantage of the
new API as the old one
On 03/07/2013 08:27 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 03/06/2013 09:52 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
[...]
On new installs, the ACI on cn=Posix IDs,cn=Distributed Numeric
Assignment Plugin,cn=plugins,cn=config is added before the entry
itself.
I didn't test
On 03/07/2013 06:21 PM, Jan Cholasta wrote:
On 7.3.2013 17:59, Petr Viktorin wrote:
On 03/07/2013 04:33 PM, Jan Cholasta wrote:
On 7.3.2013 14:53, Petr Viktorin wrote:
On 03/07/2013 01:43 PM, Jan Cholasta wrote:
Hi,
these patches add flags to LDAPClient and IPAdmin constructors which
can
be
Hi,
http://www.freeipa.org/page/V3/MultipleTrustServers covers RFE to have
multiple domain controllers exposed to trusted domains.
Attached patch also implements needed changes for ipa-adtrust-install
part. Global trust configuration options are already implemented and
available in git master,
On Thu, 2013-03-07 at 15:15 -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of
how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
There is a bit of hand waving going on around how the flags
On 03/08/2013 02:13 PM, Petr Viktorin wrote:
On 03/07/2013 06:21 PM, Jan Cholasta wrote:
On 7.3.2013 17:59, Petr Viktorin wrote:
On 03/07/2013 04:33 PM, Jan Cholasta wrote:
On 7.3.2013 14:53, Petr Viktorin wrote:
On 03/07/2013 01:43 PM, Jan Cholasta wrote:
Hi,
these patches add flags to
On Thu 07 Mar 2013 11:01:33 PM CET, Rob Crittenden wrote:
Petr Viktorin wrote:
On 03/07/2013 04:27 PM, Tomas Babej wrote:
On 03/07/2013 04:12 PM, Petr Viktorin wrote:
Thanks! I just have two more very minor nitpicks.
On 03/06/2013 01:04 PM, Tomas Babej wrote:
On 03/05/2013 02:10 PM, Petr
On 03/07/2013 11:48 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Any of the following checks:
- overlap between primary RID range and secondary RID range
- overlap between secondary RID range and secondary RID range
is performed now only if both of the ranges involved are local
On 03/05/2013 05:27 PM, Jan Cholasta wrote:
On 5.3.2013 16:12, Jan Cholasta wrote:
Hi,
On 4.3.2013 15:29, Petr Viktorin wrote:
I did not test the external CA case when we merged DS instances some
time ago, so it ended up broken. Here is a fix.
Our DsInstance class could only be initialized
On 03/08/2013 12:10 PM, Martin Kosek wrote:
On 03/05/2013 12:59 PM, Tomas Babej wrote:
Hi,
Any of the following checks:
- overlap between primary RID range and secondary RID range
- overlap between secondary RID range and secondary RID range
is performed now only if both of the ranges
Sumit Bose wrote:
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline
of how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
There is a bit of hand waving going on
On Fri, 2013-03-08 at 10:27 +0100, Sumit Bose wrote:
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline
of how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
On 8.3.2013 16:45, Rob Crittenden wrote:
One would need to pass in the object type they are dealing with:
ipa krbflags --type=user --ok-as-delegate=false sbose
ipa krbflags --type=service --ok-as-delegate=true HTTP/ipa.example.com
We *could* avoid type potentially but it would expand our
On Fri, Mar 08, 2013 at 12:28:03PM -0500, Nathaniel McCallum wrote:
On Fri, 2013-03-08 at 10:27 +0100, Sumit Bose wrote:
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
https://fedorahosted.org/freeipa/ticket/3329 here is a bare
On Fri, 2013-03-08 at 18:53 +0100, Sumit Bose wrote:
On Fri, Mar 08, 2013 at 12:28:03PM -0500, Nathaniel McCallum wrote:
On Fri, 2013-03-08 at 10:27 +0100, Sumit Bose wrote:
On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
Based on a comment from Sumit in ticket
Petr Spacek wrote:
On 8.3.2013 16:45, Rob Crittenden wrote:
One would need to pass in the object type they are dealing with:
ipa krbflags --type=user --ok-as-delegate=false sbose
ipa krbflags --type=service --ok-as-delegate=true HTTP/ipa.example.com
We *could* avoid type potentially but it
23 matches
Mail list logo