Re: [Freeipa-devel] [PATCH] 0145: trust fix filtering of users from subdomains

2014-03-04 Thread Martin Kosek
On 03/04/2014 10:13 AM, Alexander Bokovoy wrote: Attached patch should fix https://fedorahosted.org/freeipa/ticket/4207 where we didn't filter out users from disabled subdomains aggressively enough. The code that did not filter exists only in git, not in released versions yet. Attached

Re: [Freeipa-devel] [PATCH] 0145: trust fix filtering of users from subdomains

2014-03-04 Thread Alexander Bokovoy
On Tue, 04 Mar 2014, Martin Kosek wrote: On 03/04/2014 10:13 AM, Alexander Bokovoy wrote: Attached patch should fix https://fedorahosted.org/freeipa/ticket/4207 where we didn't filter out users from disabled subdomains aggressively enough. The code that did not filter exists only in git, not

Re: [Freeipa-devel] [PATCH] 0145: trust fix filtering of users from subdomains

2014-03-04 Thread Sumit Bose
On Tue, Mar 04, 2014 at 11:13:25AM +0200, Alexander Bokovoy wrote: Attached patch should fix https://fedorahosted.org/freeipa/ticket/4207 where we didn't filter out users from disabled subdomains aggressively enough. The code that did not filter exists only in git, not in released versions

Re: [Freeipa-devel] Daily build of the documentation?

2014-03-04 Thread Martin Kosek
On 10/25/2013 05:22 PM, Jérôme Fenal wrote: 2013/10/25 Martin Basti mba...@redhat.com: On Fri, 2013-10-25 at 16:48 +0200, Jérôme Fenal wrote: Hi all, Do we have a place where we publish a daily build of the documentation? I'd like to send such a link for documentation review by Red Hatters.

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 26.2.2014 16:00, Simo Sorce wrote: need to be protected as carefully as the private key. This is something I meant to discuss too, how do we protect them ? Clearly we have ACIs but I am wondering if we want to encrypt them with keys not immediately or easily available via LDAP ? It's

Re: [Freeipa-devel] Daily build of the documentation?

2014-03-04 Thread Lukas Slebodnik
On (04/03/14 13:48), Martin Kosek wrote: On 10/25/2013 05:22 PM, Jérôme Fenal wrote: 2013/10/25 Martin Basti mba...@redhat.com: On Fri, 2013-10-25 at 16:48 +0200, Jérôme Fenal wrote: Hi all, Do we have a place where we publish a daily build of the documentation? I'd like to send such a link

Re: [Freeipa-devel] Daily build of the documentation?

2014-03-04 Thread Martin Kosek
On 03/04/2014 02:26 PM, Lukas Slebodnik wrote: On (04/03/14 13:48), Martin Kosek wrote: On 10/25/2013 05:22 PM, Jérôme Fenal wrote: 2013/10/25 Martin Basti mba...@redhat.com: On Fri, 2013-10-25 at 16:48 +0200, Jérôme Fenal wrote: Hi all, Do we have a place where we publish a daily build of

Re: [Freeipa-devel] Daily build of the documentation?

2014-03-04 Thread Petr Viktorin
On 03/04/2014 02:28 PM, Martin Kosek wrote: On 03/04/2014 02:26 PM, Lukas Slebodnik wrote: On (04/03/14 13:48), Martin Kosek wrote: On 10/25/2013 05:22 PM, Jérôme Fenal wrote: 2013/10/25 Martin Basti mba...@redhat.com: On Fri, 2013-10-25 at 16:48 +0200, Jérôme Fenal wrote: Hi all, Do we

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Simo Sorce
On Tue, 2014-03-04 at 13:51 +0100, Petr Spacek wrote: On 26.2.2014 16:00, Simo Sorce wrote: need to be protected as carefully as the private key. This is something I meant to discuss too, how do we protect them ? Clearly we have ACIs but I am wondering if we want to encrypt them with

Re: [Freeipa-devel] [PATCHES] 0337-0343 YAML test configuration

2014-03-04 Thread Tomas Babej
Thanks, PATCH 341: ACK (this is the last remaining ACK for this patchset) On 03/04/2014 11:58 AM, Petr Viktorin wrote: On 03/03/2014 01:41 PM, Tomas Babej wrote: Finally got to this patchset! PATCH 337: ACK PATCH 338: ACK This prohibits us to use extra roles that end in digits. Can you

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Dmitri Pal
On 03/04/2014 10:26 AM, Simo Sorce wrote: On Tue, 2014-03-04 at 13:51 +0100, Petr Spacek wrote: On 26.2.2014 16:00, Simo Sorce wrote: need to be protected as carefully as the private key. This is something I meant to discuss too, how do we protect them ? Clearly we have ACIs but I am

Re: [Freeipa-devel] GSS-Proxy - TPM - PKCS#11 (silly idea)

2014-03-04 Thread Petr Spacek
On 16.2.2014 13:22, Simo Sorce wrote: On Fri, 2014-02-14 at 14:51 +0100, Petr Spacek wrote: Hello, I have got a silly idea to use TPM (Trusted Platform Module) as backend for Keytab storage (via GSS-Proxy). GSS-Proxy prevents application from accessing key material, right? So GSS-Proxy could

Re: [Freeipa-devel] [PATCH] 0145: trust fix filtering of users from subdomains

2014-03-04 Thread Simo Sorce
On Tue, 2014-03-04 at 11:33 +0200, Alexander Bokovoy wrote: On Tue, 04 Mar 2014, Martin Kosek wrote: On 03/04/2014 10:13 AM, Alexander Bokovoy wrote: Attached patch should fix https://fedorahosted.org/freeipa/ticket/4207 where we didn't filter out users from disabled subdomains aggressively

Re: [Freeipa-devel] [PATCH] 0145: trust fix filtering of users from subdomains

2014-03-04 Thread Simo Sorce
On Tue, 2014-03-04 at 12:10 +0100, Sumit Bose wrote: On Tue, Mar 04, 2014 at 11:13:25AM +0200, Alexander Bokovoy wrote: Attached patch should fix https://fedorahosted.org/freeipa/ticket/4207 where we didn't filter out users from disabled subdomains aggressively enough. The code that

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 17:00, Dmitri Pal wrote: On 03/04/2014 10:26 AM, Simo Sorce wrote: On Tue, 2014-03-04 at 13:51 +0100, Petr Spacek wrote: On 26.2.2014 16:00, Simo Sorce wrote: need to be protected as carefully as the private key. This is something I meant to discuss too, how do we protect them ?

Re: [Freeipa-devel] GSS-Proxy - TPM - PKCS#11 (silly idea)

2014-03-04 Thread Dmitri Pal
On 03/04/2014 11:08 AM, Petr Spacek wrote: On 16.2.2014 13:22, Simo Sorce wrote: On Fri, 2014-02-14 at 14:51 +0100, Petr Spacek wrote: Hello, I have got a silly idea to use TPM (Trusted Platform Module) as backend for Keytab storage (via GSS-Proxy). GSS-Proxy prevents application from

Re: [Freeipa-devel] GSS-Proxy - TPM - PKCS#11 (silly idea)

2014-03-04 Thread Petr Spacek
On 4.3.2014 17:25, Dmitri Pal wrote: On 03/04/2014 11:08 AM, Petr Spacek wrote: On 16.2.2014 13:22, Simo Sorce wrote: On Fri, 2014-02-14 at 14:51 +0100, Petr Spacek wrote: Hello, I have got a silly idea to use TPM (Trusted Platform Module) as backend for Keytab storage (via GSS-Proxy).

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Dmitri Pal
On 03/04/2014 11:25 AM, Petr Spacek wrote: On 4.3.2014 17:00, Dmitri Pal wrote: On 03/04/2014 10:26 AM, Simo Sorce wrote: On Tue, 2014-03-04 at 13:51 +0100, Petr Spacek wrote: On 26.2.2014 16:00, Simo Sorce wrote: need to be protected as carefully as the private key. This is something I

Re: [Freeipa-devel] [PATCH] 545 webui: Don't act on keyboard events which originated in, different dialog

2014-03-04 Thread Adam Misnyovszki
- Original Message - From: Petr Vobornik pvobo...@redhat.com To: freeipa-devel freeipa-devel@redhat.com Sent: Tuesday, February 25, 2014 2:20:11 PM Subject: [Freeipa-devel] [PATCH] 545 webui: Don't act on keyboard events which originated in, different dialog Fixes issue when:

Re: [Freeipa-devel] GSS-Proxy - TPM - PKCS#11 (silly idea)

2014-03-04 Thread Dmitri Pal
On 03/04/2014 11:40 AM, Petr Spacek wrote: On 4.3.2014 17:25, Dmitri Pal wrote: On 03/04/2014 11:08 AM, Petr Spacek wrote: On 16.2.2014 13:22, Simo Sorce wrote: On Fri, 2014-02-14 at 14:51 +0100, Petr Spacek wrote: Hello, I have got a silly idea to use TPM (Trusted Platform Module) as

Re: [Freeipa-devel] [PATCH] 545 webui: Don't act on keyboard events which originated in, different dialog

2014-03-04 Thread Adam Misnyovszki
- Original Message - From: Adam Misnyovszki amisn...@redhat.com To: Petr Vobornik pvobo...@redhat.com Cc: freeipa-devel freeipa-devel@redhat.com Sent: Tuesday, March 4, 2014 5:27:21 PM Subject: Re: [Freeipa-devel] [PATCH] 545 webui: Don't act on keyboard events which originated

Re: [Freeipa-devel] DNSSEC key rotation: long-term approach

2014-03-04 Thread Petr Spacek
Hello list, On 13.2.2014 18:36, Petr Spacek wrote: Automatic key rotation: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Longterm I have started discussion with OpenDNSSEC people about LDAP database backend and distributed-key generation:

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 17:43, Dmitri Pal wrote: On 03/04/2014 11:25 AM, Petr Spacek wrote: On 4.3.2014 17:00, Dmitri Pal wrote: On 03/04/2014 10:26 AM, Simo Sorce wrote: On Tue, 2014-03-04 at 13:51 +0100, Petr Spacek wrote: On 26.2.2014 16:00, Simo Sorce wrote: need to be protected as carefully as the

Re: [Freeipa-devel] Client-side command in the IPA framework

2014-03-04 Thread Nathaniel McCallum
On Mon, 2014-03-03 at 20:12 -0500, Dmitri Pal wrote: On 03/01/2014 10:07 PM, Adam Young wrote: On 02/28/2014 10:21 AM, Petr Viktorin wrote: On 02/28/2014 04:15 PM, Alexander Bokovoy wrote: On Fri, 28 Feb 2014, Nathaniel McCallum wrote: On Fri, 2014-02-28 at 16:43 +0200, Alexander Bokovoy

Re: [Freeipa-devel] Client-side command in the IPA framework

2014-03-04 Thread Dmitri Pal
On 03/04/2014 02:03 PM, Nathaniel McCallum wrote: On Mon, 2014-03-03 at 20:12 -0500, Dmitri Pal wrote: On 03/01/2014 10:07 PM, Adam Young wrote: On 02/28/2014 10:21 AM, Petr Viktorin wrote: On 02/28/2014 04:15 PM, Alexander Bokovoy wrote: On Fri, 28 Feb 2014, Nathaniel McCallum wrote: On

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Simo Sorce
On Tue, 2014-03-04 at 19:14 +0100, Petr Spacek wrote: On 4.3.2014 17:43, Dmitri Pal wrote: On 03/04/2014 11:25 AM, Petr Spacek wrote: On 4.3.2014 17:00, Dmitri Pal wrote: On 03/04/2014 10:26 AM, Simo Sorce wrote: On Tue, 2014-03-04 at 13:51 +0100, Petr Spacek wrote: On 26.2.2014 16:00,

Re: [Freeipa-devel] Client-side command in the IPA framework

2014-03-04 Thread Nathaniel McCallum
On Tue, 2014-03-04 at 14:11 -0500, Dmitri Pal wrote: On 03/04/2014 02:03 PM, Nathaniel McCallum wrote: On Mon, 2014-03-03 at 20:12 -0500, Dmitri Pal wrote: On 03/01/2014 10:07 PM, Adam Young wrote: On 02/28/2014 10:21 AM, Petr Viktorin wrote: On 02/28/2014 04:15 PM, Alexander Bokovoy

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Simo Sorce
On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue, 2014-03-04 at 19:14 +0100, Petr Spacek wrote: On 4.3.2014 17:43, Dmitri Pal wrote: On 03/04/2014 11:25 AM, Petr Spacek wrote: On 4.3.2014 17:00, Dmitri Pal wrote: On 03/04/2014 10:26 AM, Simo Sorce wrote: On Tue,

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue, 2014-03-04 at 19:14 +0100, Petr Spacek wrote: On 4.3.2014 17:43, Dmitri Pal wrote: On 03/04/2014 11:25 AM, Petr Spacek wrote: On 4.3.2014 17:00, Dmitri Pal wrote: On 03/04/2014 10:26 AM, Simo

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 21:25, Petr Spacek wrote: On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue, 2014-03-04 at 19:14 +0100, Petr Spacek wrote: On 4.3.2014 17:43, Dmitri Pal wrote: On 03/04/2014 11:25 AM, Petr Spacek wrote: On 4.3.2014 17:00, Dmitri Pal

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Simo Sorce
On Tue, 2014-03-04 at 21:25 +0100, Petr Spacek wrote: On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue, 2014-03-04 at 19:14 +0100, Petr Spacek wrote: On 4.3.2014 17:43, Dmitri Pal wrote: On 03/04/2014 11:25 AM, Petr Spacek wrote: On

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 22:15, Simo Sorce wrote: On Tue, 2014-03-04 at 21:25 +0100, Petr Spacek wrote: On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue, 2014-03-04 at 19:14 +0100, Petr Spacek wrote: On 4.3.2014 17:43, Dmitri Pal wrote: On 03/04/2014 11:25

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Simo Sorce
On Tue, 2014-03-04 at 22:38 +0100, Petr Spacek wrote: On 4.3.2014 22:15, Simo Sorce wrote: On Tue, 2014-03-04 at 21:25 +0100, Petr Spacek wrote: On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue, 2014-03-04 at 19:14 +0100, Petr Spacek wrote:

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 22:53, Simo Sorce wrote: On Tue, 2014-03-04 at 22:38 +0100, Petr Spacek wrote: On 4.3.2014 22:15, Simo Sorce wrote: On Tue, 2014-03-04 at 21:25 +0100, Petr Spacek wrote: On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue, 2014-03-04

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Dmitri Pal
On 03/04/2014 04:53 PM, Simo Sorce wrote: On Tue, 2014-03-04 at 22:38 +0100, Petr Spacek wrote: On 4.3.2014 22:15, Simo Sorce wrote: On Tue, 2014-03-04 at 21:25 +0100, Petr Spacek wrote: On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue,

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Dmitri Pal
On 03/04/2014 05:14 PM, Petr Spacek wrote: On 4.3.2014 22:53, Simo Sorce wrote: On Tue, 2014-03-04 at 22:38 +0100, Petr Spacek wrote: On 4.3.2014 22:15, Simo Sorce wrote: On Tue, 2014-03-04 at 21:25 +0100, Petr Spacek wrote: On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19

Re: [Freeipa-devel] Client-side command in the IPA framework

2014-03-04 Thread Dmitri Pal
On 03/04/2014 02:27 PM, Nathaniel McCallum wrote: On Tue, 2014-03-04 at 14:11 -0500, Dmitri Pal wrote: On 03/04/2014 02:03 PM, Nathaniel McCallum wrote: On Mon, 2014-03-03 at 20:12 -0500, Dmitri Pal wrote: On 03/01/2014 10:07 PM, Adam Young wrote: On 02/28/2014 10:21 AM, Petr Viktorin wrote:

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 23:18, Dmitri Pal wrote: We need PKCS#11 for CA certificates, BIND and OpenDNSSEC anyway so we need to design schema for *public* data. All private data can be stored in Vault if we agree on that. Do we need it on the server and if so can it be exposed by the vault rather than via

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Dmitri Pal
On 03/04/2014 05:30 PM, Petr Spacek wrote: On 4.3.2014 23:18, Dmitri Pal wrote: We need PKCS#11 for CA certificates, BIND and OpenDNSSEC anyway so we need to design schema for *public* data. All private data can be

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Jan Cholasta
On 5.3.2014 05:10, Simo Sorce wrote: On Tue, 2014-03-04 at 18:32 -0500, Dmitri Pal wrote: Remote means that there is a PKCS#11 library that can be loaded into a process and would remotely connect to a central server via LDAP/REST/whatever. My point is that library should be light weight and