Re: [Freeipa-devel] [RFE] CA-less install

2013-03-27 Thread Orion Poplawski
On 03/27/2013 10:42 AM, Petr Viktorin wrote: On 03/27/2013 05:09 PM, Rob Crittenden wrote: [...] Well, I don't like how PEM file duplicates an unnecessary amount of information (the whole certificate). Also, copy-pasting subject might be faster than exporting certificate in PEM and uploading it

[Freeipa-devel] [PATCH] 110 Add support for cmocka C-Unit Test framework

2013-03-27 Thread Sumit Bose
Hi, this patch does not do anything really useful for now, it just adds configure checks. The related ticket https://fedorahosted.org/freeipa/ticket/3434 is in the current milestone but it can easily be deferred to a later milestone if you do not have the time to review it. bye, Sumit From 8fd76e4b6

Re: [Freeipa-devel] [RFE] CA-less install

2013-03-27 Thread John Dennis
On 03/27/2013 12:44 PM, Petr Viktorin wrote: On 03/27/2013 04:40 PM, John Dennis wrote: On 03/27/2013 11:23 AM, Petr Viktorin wrote: I don't want to check the subject because this RFE was prompted by IPA's normal CA rejecting valid wildcard certs. Is there a reasonable way to ask NSS if it will

Re: [Freeipa-devel] [RFE] CA-less install

2013-03-27 Thread John Dennis
On 03/27/2013 12:42 PM, Petr Viktorin wrote: On 03/27/2013 05:09 PM, Rob Crittenden wrote: [...] Well, I don't like how PEM file duplicates an unnecessary amount of information (the whole certificate). Also, copy-pasting subject might be faster than exporting certificate in PEM and uploading it

Re: [Freeipa-devel] [RFE] CA-less install

2013-03-27 Thread Petr Viktorin
On 03/27/2013 04:40 PM, John Dennis wrote: On 03/27/2013 11:23 AM, Petr Viktorin wrote: I don't want to check the subject because this RFE was prompted by IPA's normal CA rejecting valid wildcard certs. Is there a reasonable way to ask NSS if it will trust the cert? Yes. NSS provides a variety

Re: [Freeipa-devel] [RFE] CA-less install

2013-03-27 Thread Petr Viktorin
On 03/27/2013 05:09 PM, Rob Crittenden wrote: [...] Well, I don't like how PEM file duplicates an unnecessary amount of information (the whole certificate). Also, copy-pasting subject might be faster than exporting certificate in PEM and uploading it to the server... We're talking a one-time op

Re: [Freeipa-devel] [RFE] CA-less install

2013-03-27 Thread Petr Viktorin
On 03/27/2013 04:40 PM, Jan Cholasta wrote: On 27.3.2013 16:23, Petr Viktorin wrote: On 03/27/2013 03:44 PM, Jan Cholasta wrote: I have gone through the whole discussion, RFE page and your patches, and I still don't see why --root-ca-file is necessary. Walking the certificate chain from the ser

Re: [Freeipa-devel] [RFE] CA-less install

2013-03-27 Thread Rob Crittenden
Jan Cholasta wrote: On 27.3.2013 16:23, Petr Viktorin wrote: On 03/27/2013 03:44 PM, Jan Cholasta wrote: I have gone through the whole discussion, RFE page and your patches, and I still don't see why --root-ca-file is necessary. Walking the certificate chain from the server cert up to the root

Re: [Freeipa-devel] [PATCH] 271, 272 Added Web UI support for service PAC type option: NONE

2013-03-27 Thread Endi Sukma Dewata
On 3/26/2013 12:55 PM, Endi Sukma Dewata wrote: On 3/25/2013 6:46 AM, Petr Vobornik wrote: Reimplemented ^^ to match your proposal. Attaching as patches with new numbers (271,272) as they don't have much common with the original patch. The code looks good. Do you have a static/live demo site?

Re: [Freeipa-devel] [RFE] CA-less install

2013-03-27 Thread John Dennis
On 03/27/2013 11:23 AM, Petr Viktorin wrote: I don't want to check the subject because this RFE was prompted by IPA's normal CA rejecting valid wildcard certs. Is there a reasonable way to ask NSS if it will trust the cert? Yes. NSS provides a variety of tools to test validation. Going just on

Re: [Freeipa-devel] [RFE] CA-less install

2013-03-27 Thread Jan Cholasta
On 27.3.2013 16:23, Petr Viktorin wrote: On 03/27/2013 03:44 PM, Jan Cholasta wrote: I have gone through the whole discussion, RFE page and your patches, and I still don't see why --root-ca-file is necessary. Walking the certificate chain from the server cert up to the root CA is easy, so why no

Re: [Freeipa-devel] [RFE] CA-less install

2013-03-27 Thread Petr Viktorin
On 03/27/2013 03:44 PM, Jan Cholasta wrote: Hi, On 22.3.2013 13:10, Petr Viktorin wrote: The design page for CA-less installation with user-provided SSL certs is available at http://freeipa.org/page/V3/CA-less_install. I've also copied it to this mail. Does it answer all your questions? I h

Re: [Freeipa-devel] git versions for rpms in makefile

2013-03-27 Thread John Dennis
On 03/26/2013 10:41 PM, Orion Poplawski wrote: On 03/26/2013 07:36 PM, Simo Sorce wrote: On Tue, 2013-03-26 at 19:14 -0400, Rob Crittenden wrote: Orion Poplawski wrote: This patch uses the Fedora standard for git versioning (version-#.git) when making rpms. I'm afraid I haven't been able to t

Re: [Freeipa-devel] [RFE] CA-less install

2013-03-27 Thread Jan Cholasta
Hi, On 22.3.2013 13:10, Petr Viktorin wrote: The design page for CA-less installation with user-provided SSL certs is available at http://freeipa.org/page/V3/CA-less_install. I've also copied it to this mail. Does it answer all your questions? I have gone through the whole discussion, RFE pa

Re: [Freeipa-devel] [WIP][PATCH] 120 Add Kerberos ticket flags management to service and host plugins

2013-03-27 Thread Martin Kosek
On 03/26/2013 03:05 PM, Jan Cholasta wrote: > On 25.3.2013 16:21, Martin Kosek wrote: >> On 03/25/2013 02:41 PM, Martin Kosek wrote: >>> I checked what you have already and this is what I found: >>> >>> 1) Internal error if I try to remove krbticketflags via *attr functions: >>> >>> # ipa service-a

Re: [Freeipa-devel] [PATCH] 0010 Add mkhomedir option to ipa-server-install and ipa-replica-install

2013-03-27 Thread Tomas Babej
On Wed 27 Mar 2013 01:54:49 PM CET, Ana Krivokapic wrote: On 03/27/2013 12:15 PM, Tomas Babej wrote: On 03/26/2013 07:45 PM, Ana Krivokapic wrote: Add the option to create home directories for users on their first login to ipa-server-install and ipa-replica-install. https://fedorahosted.org/fr

Re: [Freeipa-devel] [PATCH] 0010 Add mkhomedir option to ipa-server-install and ipa-replica-install

2013-03-27 Thread Ana Krivokapic
On 03/27/2013 12:15 PM, Tomas Babej wrote: > On 03/26/2013 07:45 PM, Ana Krivokapic wrote: >> Add the option to create home directories for users on their first login >> to ipa-server-install and ipa-replica-install. >> >> https://fedorahosted.org/freeipa/ticket/3515

Re: [Freeipa-devel] [PATCH] 0100 Enumerate UPN suffixes in ipasam

2013-03-27 Thread Sumit Bose
On Wed, Mar 27, 2013 at 12:53:18PM +0200, Alexander Bokovoy wrote: > Hi, > > On Wed, 27 Mar 2013, Sumit Bose wrote: > >>Additionally, you can request Windows to update list of name suffixes > >>via UI. Here is how it looks in Windows 2012 Server: > >>http://abbra.fedorapeople.org/.paste/win2012-mu

Re: [Freeipa-devel] [PATCH] 0010 Add mkhomedir option to ipa-server-install and ipa-replica-install

2013-03-27 Thread Tomas Babej
On 03/26/2013 07:45 PM, Ana Krivokapic wrote: Add the option to create home directories for users on their first login to ipa-server-install and ipa-replica-install. https://fedorahosted.org/freeipa/ticket/3515

Re: [Freeipa-devel] [PATCH] 0100 Enumerate UPN suffixes in ipasam

2013-03-27 Thread Alexander Bokovoy
Hi, On Wed, 27 Mar 2013, Sumit Bose wrote: Additionally, you can request Windows to update list of name suffixes via UI. Here is how it looks in Windows 2012 Server: http://abbra.fedorapeople.org/.paste/win2012-multiple-suffixes.png Part of ticket https://fedorahosted.org/freeipa/ticket/2848

Re: [Freeipa-devel] [PATCH] 0100 Enumerate UPN suffixes in ipasam

2013-03-27 Thread Sumit Bose
On Mon, Mar 25, 2013 at 08:07:44PM +0200, Alexander Bokovoy wrote: > Hi, > > following patch allows to enumerate UPN suffixes associated with IPA > domain and make them available to AD domain we trust. > > The patch relies on PASSDB API expansion I'm working on and as such > requires Samba built

Re: [Freeipa-devel] [PATCH] 391-395 Fedora 19 build and install fixes

2013-03-27 Thread Tomas Babej
On Tue 26 Mar 2013 06:49:59 PM CET, Martin Kosek wrote: On 03/26/2013 06:32 PM, Tomas Babej wrote: On 03/26/2013 05:38 PM, Martin Kosek wrote: On 03/21/2013 11:59 AM, Martin Kosek wrote: This set of patches (details in commit messages) allow build and installation of FreeIPA in Fedora 19. I te

[Freeipa-devel] Announcing bind-dyndb-ldap version 2.6

2013-03-27 Thread Petr Spacek
The FreeIPA team is proud to announce bind-dyndb-ldap version 2.6. It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/. The new version has also been built for Fedora 18 and is on its way to updates-testing: https://admin.fedoraproject.org/updates/bind-dyndb-ldap-2.6-1