Re: [Freeipa-devel] [PATCH 0059] Update freeipa-server krb5-server dependency to 1.11.5-5

On 07/21/2014 06:35 PM, Nathaniel McCallum wrote: Previous versions of libkrb5 can't handle expired passwords inside the FAST tunnel. This breaks the password change UI in FreeIPA. ACK, this was easy. Pushed to: master: 53c8efe62f5de1bd48fbdf7bef3fa31debe81de3 ipa-4-1:

Re: [Freeipa-devel] [PATCH] 0002 Improve password validity check

On 07/21/2014 04:08 PM, David Kupka wrote: On 07/18/2014 12:52 PM, Martin Kosek wrote: On 07/18/2014 12:33 PM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/2796 1) Would it be easier/more convenient to just implement following simple check instead of bad_prefix/bad_suffix?

Re: [Freeipa-devel] [PATCH] Always record that pkicreate has been executed

On 07/21/2014 04:08 PM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/2796 This works fine. It will help us remove some user frustration when stuck with partially installed Dogtag (JFTR, the cure is pkidestroy -s CA -i pki-tomcat). ACK. Pushed to: master:

Re: [Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid

On 06/26/2014 10:39 AM, Martin Kosek wrote: On 06/26/2014 07:28 AM, James wrote: I think it's kind of funny that the cert for: https://www.freeipa.org/ is invalid, particularly since this is a security product. In any case, feel free to forward to whoever maintains this in case someone

Re: [Freeipa-devel] [PATCHES] 295-299 Allow changing chaining of the IPA CA certificate

Rob Crittenden wrote: Jan Cholasta wrote: On 2.7.2014 19:37, Jan Cholasta wrote: On 2.7.2014 19:08, Rob Crittenden wrote: Trimming to respond to your questions. Not sure if this is related: # pki cert-find PKIException: Internal Server Error I'm pretty sure the cert-find error is related

[Freeipa-devel] #4450: how to allow password migration?

Hello, I was thinking more about the solution to fix migration in FreeIPA 4.0 as proposed in https://fedorahosted.org/freeipa/ticket/4450#comment:6 and I realized it will be more complicated. Conditionally enabling nsslapd-allow-hashed-passwords in cn=config when migration mode is enabled is

[Freeipa-devel] [PATCH] 129 ipa-kdb: fix unit tests

Hi, it looks like the ipa-kdb unit test is broken. This patch tries to fix it. bye, Sumit From 5de7f5790d895251c7a22b6af804ac5c61c553c4 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Tue, 22 Jul 2014 17:17:45 +0200 Subject: [PATCH] ipa-kdb: fix unit tests ---

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

Forgot about --trust-secret. Here is an updated patch. On Mon, Jul 21, 2014 at 2:31 AM, Jan Cholasta jchol...@redhat.com wrote: On 21.7.2014 10:28, Martin Kosek wrote: On 07/21/2014 09:56 AM, Jan Cholasta wrote: Hi, On 16.7.2014 05:48, Gabe Alford wrote: Hello, Adds AD admin and