On Fri, Jun 6, 2014 at 6:22 PM, Rich Megginson wrote:
>
> grep nsslapd-rootpw /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif
>
> The pwdhash command can be used to create a hashed password.
Ah, brilliant, this works great, thanks!!
___
Freeipa-devel mailing li
On 06/06/2014 03:57 PM, James wrote:
On Fri, 2014-06-06 at 14:43 -0400, Simo Sorce wrote:
On Fri, 2014-06-06 at 14:06 -0400, James wrote:
On Fri, 2014-06-06 at 08:51 -0400, Simo Sorce wrote:
But let me ask a more important question, how do you distribute the
public keys securely ? Is it pup
On Fri, 2014-06-06 at 14:43 -0400, Simo Sorce wrote:
> On Fri, 2014-06-06 at 14:06 -0400, James wrote:
> > On Fri, 2014-06-06 at 08:51 -0400, Simo Sorce wrote:
> > > But let me ask a more important question, how do you distribute the
> > > public keys securely ? Is it puppet fetching them from ea
On Fri, 2014-06-06 at 14:06 -0400, James wrote:
> On Fri, 2014-06-06 at 08:51 -0400, Simo Sorce wrote:
> > Yes, the dm_password was chosen because it is needed to actually
> > initialize and install the replica, so instead of asking it twice we
> > just ask for it once and use it *also* to encrypt
On 6/6/2014 10:43 AM, Petr Vobornik wrote:
On 6.6.2014 15:45, Endi Sukma Dewata wrote:
On 6/5/2014 9:25 AM, Endi Sukma Dewata wrote:
ACK for patches #592-#628. I'll continue reviewing the rest.
ACK for patches #633-639, #642, #644, #652, and #653. Patches #640 &
#641 have an issue (see #19 be
On Fri, 2014-06-06 at 15:10 +0200, Jan Pazdziora wrote:
> On Fri, Jun 06, 2014 at 08:51:39AM -0400, Simo Sorce wrote:
> >
> > Clearly puppet has root level access to the system so you do not (should
> > not ?) care much about preventing access to these systems, the aim is to
> > not inadvertently
On Fri, 2014-06-06 at 14:03 +0200, Jan Pazdziora wrote:
> On Fri, Jun 06, 2014 at 06:38:10AM -0400, James wrote:
> >
> > I've just announced the first sane implementation for secret handling
> > in puppet. Since everyone does this wrong, I thought I'd do it right,
> > by pioneering a new technique
On Fri, 2014-06-06 at 08:51 -0400, Simo Sorce wrote:
> On Fri, 2014-06-06 at 06:38 -0400, James wrote:
> > Hi FreeIPA,
> >
> > *intro*
> >
> > As some of you might know, I'm currently working on deploying
> > multi-master replicas with puppet. Since it looks like there will be
> > security implic
On Fri, 2014-06-06 at 09:03 -0400, Simo Sorce wrote:
> On Fri, 2014-06-06 at 06:58 -0400, James wrote:
> > On Mon, Jun 2, 2014 at 4:46 AM, Ludwig Krispenz wrote:
> > > Ticket 4302 is a request for an enhancement: Move replication topology to
> > > the shared tree
> >
> >
> > One comment to add:
Hello,
This patch set contains necessary changes for supporting root master zone in
LDAP. I had to remove one hack so now we follow BIND semantics for forwarders.
Please see commit messages.
https://fedorahosted.org/bind-dyndb-ldap/ticket/122
--
Petr^2 Spacek
From 21f7ecd4eb4f977392975034fc9
Hi,
I've created a design page about enhancing the extdom plugin to send the
list of groups of a user together with the POSIX data to IPA clients
with SSSD at
http://www.freeipa.org/page/V4/Extdom_plugin_enhancement_grouplist
For your convenience the text can be found below as well.
Comments an
On Thu, 2014-06-05 at 08:45 +0200, Jan Cholasta wrote:
> On 28.5.2014 22:44, Nathaniel McCallum wrote:
> > On Mon, 2014-05-26 at 16:57 +0200, Jan Cholasta wrote:
> >> On 13.5.2014 19:12, Nathaniel McCallum wrote:
> >>> On Tue, 2014-05-13 at 16:33 +0200, Jan Cholasta wrote:
> On 12.5.2014 21:02
On 06/06/2014 06:12 PM, Dmitri Pal wrote:
On 06/06/2014 09:03 AM, Simo Sorce wrote:
On Fri, 2014-06-06 at 06:58 -0400, James wrote:
On Mon, Jun 2, 2014 at 4:46 AM, Ludwig Krispenz
wrote:
Ticket 4302 is a request for an enhancement: Move replication
topology to
the shared tree
One comment
On 06/06/2014 09:03 AM, Simo Sorce wrote:
On Fri, 2014-06-06 at 06:58 -0400, James wrote:
On Mon, Jun 2, 2014 at 4:46 AM, Ludwig Krispenz wrote:
Ticket 4302 is a request for an enhancement: Move replication topology to
the shared tree
One comment to add:
It would be particularly useful if t
On Fri, 2014-06-06 at 11:43 -0400, Simo Sorce wrote:
> On Fri, 2014-06-06 at 11:06 -0400, Nathaniel McCallum wrote:
> > On Fri, 2014-06-06 at 08:00 -0400, Simo Sorce wrote:
> > > On Fri, 2014-06-06 at 10:30 +0200, Martin Kosek wrote:
> > > > On 05/31/2014 03:27 AM, Simo Sorce wrote:
> > > > > I hav
On 6.6.2014 15:45, Endi Sukma Dewata wrote:
On 6/5/2014 9:25 AM, Endi Sukma Dewata wrote:
ACK for patches #592-#628. I'll continue reviewing the rest.
ACK for patches #633-639, #642, #644, #652, and #653. Patches #640 &
#641 have an issue (see #19 below) that should be fixed before pushing.
Ot
On Fri, 2014-06-06 at 11:06 -0400, Nathaniel McCallum wrote:
> On Fri, 2014-06-06 at 08:00 -0400, Simo Sorce wrote:
> > On Fri, 2014-06-06 at 10:30 +0200, Martin Kosek wrote:
> > > On 05/31/2014 03:27 AM, Simo Sorce wrote:
> > > > I have rebased theold patch attached to the ticket, unfortunately I
On Fri, 2014-06-06 at 08:00 -0400, Simo Sorce wrote:
> On Fri, 2014-06-06 at 10:30 +0200, Martin Kosek wrote:
> > On 05/31/2014 03:27 AM, Simo Sorce wrote:
> > > I have rebased theold patch attached to the ticket, unfortunately I
> > > haven't had time to test it yet, but didn't want to lose it in
Patch 21:
Update per recommendation
Patch 22:
Added version option as well as updated the manpage.
Thanks,
Gabe
On Fri, Jun 6, 2014 at 5:47 AM, Petr Viktorin wrote:
> On 06/06/2014 08:36 AM, Gabe Alford wrote:
>
>> Hello,
>>
>> Patch 21:
>> This is a patch for https://fedorahosted.org/freeip
On 6/5/2014 9:25 AM, Endi Sukma Dewata wrote:
ACK for patches #592-#628. I'll continue reviewing the rest.
ACK for patches #633-639, #642, #644, #652, and #653. Patches #640 &
#641 have an issue (see #19 below) that should be fixed before pushing.
Other issues are minor/unrelated/suggestions
On Fri, Jun 06, 2014 at 08:51:39AM -0400, Simo Sorce wrote:
>
> Clearly puppet has root level access to the system so you do not (should
> not ?) care much about preventing access to these systems, the aim is to
> not inadvertently divulge secrets through manifests and nothing else.
And puppet lo
On Fri, 2014-06-06 at 06:58 -0400, James wrote:
> On Mon, Jun 2, 2014 at 4:46 AM, Ludwig Krispenz wrote:
> > Ticket 4302 is a request for an enhancement: Move replication topology to
> > the shared tree
>
>
> One comment to add:
>
> It would be particularly useful if the interface used to set t
On Fri, 2014-06-06 at 06:38 -0400, James wrote:
> Hi FreeIPA,
>
> *intro*
>
> As some of you might know, I'm currently working on deploying
> multi-master replicas with puppet. Since it looks like there will be
> security implications, I wanted to start off by trying to build some
> confidence. I
On Fri, 2014-06-06 at 09:58 +0200, Petr Viktorin wrote:
> On 06/06/2014 09:43 AM, Petr Spacek wrote:
> > Hello list,
> >
> > I accidentally came across RHEV wikipedia articles mentioning FreeIPA:
> > https://en.wikipedia.org/wiki/FreeIPA
> > https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Virtuali
On Fri, Jun 06, 2014 at 06:38:10AM -0400, James wrote:
>
> I've just announced the first sane implementation for secret handling
> in puppet. Since everyone does this wrong, I thought I'd do it right,
> by pioneering a new technique. You can read about it here:
>
> https://ttboj.wordpress.com/201
On Fri, 2014-06-06 at 10:30 +0200, Martin Kosek wrote:
> On 05/31/2014 03:27 AM, Simo Sorce wrote:
> > I have rebased theold patch attached to the ticket, unfortunately I
> > haven't had time to test it yet, but didn't want to lose it in some
> > branch.
> >
> > Simo.
>
> I tested the patch and i
On 06/06/2014 08:36 AM, Gabe Alford wrote:
Hello,
Patch 21:
This is a patch for https://fedorahosted.org/freeipa/ticket/3724
Nope, doesn't work for me: nolog_replace expects a string.
File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 639, in run_script
re
On 06/05/2014 03:14 PM, Petr Viktorin wrote:
On 06/04/2014 11:42 AM, Tomas Babej wrote:
Hi,
the following set of patches implements the ticket:
https://fedorahosted.org/freeipa/ticket/4052
The refactoring touches both server and client bits, main features are:
* easier inheritance and creati
On Mon, Jun 2, 2014 at 4:46 AM, Ludwig Krispenz wrote:
> Ticket 4302 is a request for an enhancement: Move replication topology to
> the shared tree
One comment to add:
It would be particularly useful if the interface used to set the
topology is something sane that a single host can use to set
On 23.1.2014 14:34, Jan Cholasta wrote:
On 22.1.2014 16:43, Simo Sorce wrote:
On Wed, 2014-01-22 at 16:05 +0100, Jan Cholasta wrote:
On 22.1.2014 15:34, Simo Sorce wrote:
On Wed, 2014-01-22 at 10:40 +0100, Jan Cholasta wrote:
On 21.1.2014 17:12, Simo Sorce wrote:
Later in the patch you seem
Hi FreeIPA,
*intro*
As some of you might know, I'm currently working on deploying
multi-master replicas with puppet. Since it looks like there will be
security implications, I wanted to start off by trying to build some
confidence. I want to demonstrate that I am as paranoid about getting
the sec
we need to be careful on the process, I have an idea how it could work,
but need to think a bit more about it
I am all ears.
Simo.
We already have several situations (CRL, DNSSEC, cert rotation) where
a single server has to do the job first and all the rest should rely
on that.
We can sim
On 06/04/2014 06:43 PM, Petr Viktorin wrote:
> Hello,
> I try to think about any kind of data the user might have in LDAP, but in the
> spirit of YAGNI, I'll deal with the various corner cases in IPA's historic
> default permissions as I go along.
>
> Patch 0568 adds support for the case where the
On 05/31/2014 03:27 AM, Simo Sorce wrote:
> I have rebased theold patch attached to the ticket, unfortunately I
> haven't had time to test it yet, but didn't want to lose it in some
> branch.
>
> Simo.
I tested the patch and it worked fine, code also reads OK. Thus, I am willing
to ACK it.
I am
On 06/06/2014 09:43 AM, Petr Spacek wrote:
Hello list,
I accidentally came across RHEV wikipedia articles mentioning FreeIPA:
https://en.wikipedia.org/wiki/FreeIPA
https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Virtualization
Those articles could use attention of wordsmith :-) I'm not saying
Hello list,
I accidentally came across RHEV wikipedia articles mentioning FreeIPA:
https://en.wikipedia.org/wiki/FreeIPA
https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Virtualization
Those articles could use attention of wordsmith :-) I'm not saying it should
be full of marketing buzzwords, i
36 matches
Mail list logo